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About This Guide 


If you are responsible for configuring filter options on Wellfleet® 
routers, you need to read this guide. It provides 


Oo 


Of 
Oo 
Oo 


An overview of inbound traffic filters 
Instructions on configuring inbound filters 
An overview of outbound filters and protocol prioritization 


Instructions on configuring protocol prioritization and outbound 
filters 


Before You Begin 


Before using this guide, you must complete the following procedures: 


1. 


Install the router hardware. For instructions, refer to one of the 
following: 


o Installing and Maintaining BN Routers 

Installing and Maintaining ASN Routers 

Installing and Starting AN Routers 

Installing and Starting 8-Port Access Node Hub (ANH) Systems 


Installing and Maintaining FN, LN, CN, AFN, and ALN 
Routers 


qo Installing the DC Version of the BLN-2 and BCN 


YF Oo oO 
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How to Get Help 


2. Connect the router to a network and create a pilot configuration 


file. For instructions, refer to one of the following: 
qo Quick-Starting Wellfleet Routers 
o Administering Networks for AN and ASN Routers 


3. Make sure you are running the latest version of Wellfleet Site 
Manager and router software. For instructions, refer to one of the 
following: 


qo Upgrading Wellfleet Routers from Version 7-8.00 to Version 8.10 
o Upgrading Wellfleet Routers from Version 5 to Version 8.10 


How to Get Help 


XVI 


For additional information or advice, contact the Bay Networks Help 
Desk in your area: 


United States 1-800-2LAN-WAN 
Valbonne, France (33) 92-966-968 
Sydney, Australia (61) 2-903-5800 
Tokyo, Japan (81) 3-328-0052 


Conventions 


angle brackets (< >) 


arrow character (>) 


brackets ([ ]) 


user entry text 


command text 


italic text 


screen text 
ellipsis points 
quotation marks (“ ”) 


vertical line (|) 


About This Guide 


Indicate that you choose the text to enter based on 
the description inside the brackets. Do not type the 
brackets when entering the command. Example: if 
command syntax is ping </p_address>, you enter 
ping 192.32.10.12 


Separates menu and option names in instructions. 
Example: Protocols>AppleTalk identifies the 
AppleTalk option in the Protocols menu. 


Indicate optional elements. You can choose none, 
one, or all of the options. 


Denotes text that you need to enter. Example: Start 
up the Windows environment by entering the 
following after the prompt: win 


Denotes command names in text. Example: Use the 
xmodem command. 


Indicates variable values in command syntax 
descriptions, new terms, file and directory names, 
and book titles. 


Indicates data that appears on the screen. Example: 
Set Bay Networks Trap Monitor Filters 


Horizontal (. . .) and vertical( : ) ellipsis points 
indicate omitted information. 


Indicate the title of a chapter or section within a 
book. 


Indicates that you enter only one of the parts of the 
command. The vertical line separates choices. Do not 
type the vertical line when entering the command. 


Example: If the command syntax is 
show at routes | nets, you enter either 
show at routes or show at nets, but not both. 
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Acronyms 


ANSI 
ARP 
ATM 
CMIP 
EGP 
FDDI 
IEEE 
ILI 
IS-IS 
MAC 
MOP 
OSI 
OSPF 
PVCs 
QENET 
RIP 
SMDS 
SNAP 
SNMP 
SRM 
SVCs 
TCP/IP 
TFTP 
TTRT 
VC 
VINES 
XB 


American National Standards Institute 
Address Resolution Protocol 

Asynchronous Transfer Mode 

Common Management Information Protocol 
Exterior Gateway Protocol 

Fiber Distributed Data Interface 

Institute of Electrical and Electronic Engineers 
intelligent link interface 

Intermediate System to Intermediate System 
media access control 

Maintenance Operations Protocol 

Open Systems Interconnection 

Open Shortest Path First 

permanent virtual circuits 

Quad Ethernet Link Module 

Routing Information Protocol 

Switched Multimegabit Data Services 
Subnetwork Access Protocol 

Simple Network Management Protocol 

system resource modules 

switched virtual circuits 

Transmission Control Protocol/Internet Protocol 
Trivial File Transfer Protocol 

target token rotation time 

virtual connection 

Virtual Networking System (Banyan) 
Translation Bridge 


Chapter 1 
Inbound Traffic Filters: An Overview 


This chapter describes the following: 

a Inbound traffic filters 

o Filter templates 

q Predefined criteria, ranges, and actions specific to each protocol 
q 


Criteria that you specify (user-defined criteria) 


You should read this chapter if you are responsible for configuring 
traffic filters for your network. If you are already familiar with the 
implementation of traffic filters in Configuration Manager, and with 
the criteria and actions associated with the protocols for which you 
want to create filters, you can go directly to Chapter 2, “Using the 
Configuration Manager to Apply Traffic Filters.” 


For information on prioritizing protocols and on outbound filters, see 
Chapter 3, “Protocol Prioritization and Outbound Filters: An 
Overview,” and Chapter 4, “Using the Configuration Manager 

to Configure Priority Filters.” 


Using Inbound Traffic Filters 


Traffic filters enable a router to selectively relay, drop, or log a packet, 
frame, or datagram based on standard protocol fields or user-defined 
fields (criteria). 
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Inbound traffic filters apply to incoming traffic; they are used primarily 
for security. For example, suppose a company wants only certain 
people to be able to access its financial network; the company can 
construct a filter denying everyone access to the financial network 
except for those people. 


All filters are created from templates (files that hold the filtering 
information), and consist of the following three components: 


o Criteria 


Part of a frame, packet, or datagram header that you specify to be 
examined on each incoming frame. 


o Ranges 
Numeric values (usually addresses) that further specify filtering 
criteria. 

go Actions 


‘What happens to those incoming packets that match a filter’s 
criteria and ranges. 


Each filter is associated with a particular protocol and router circuit 
(interface). Configuration Manager supports traffic filters in the 
following protocols: 


o Bridge 

IP 

DECnet™ Phase IV 
VINES® 

Source Routing 
IPX® 

XNS™ 

OSI 

DLSw 
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Each supported protocol allows up to 31 filters per interface. As filters 
are added to an interface, they are numbered chronologically in the 
following fashion: rule #1, rule #2, rule #3, and so on. 


The order in which you add filters to an interface determines the filter 
precedence. If a packet matches two filters, the filter with the highest 
precedence applies. 


The first filter has the highest precedence and a rule number of 1. 
Subsequent filters have decreasing precedence. For examples, if two 
traffic filters apply to a packet, but the first filter on the interface (rule 
# 1) accepts the packet and the second filter (rule # 2) drops the packet, 
rule # 1 has precedence and the packet will be accepted. See the section 
“Applying Filter Precedence” in Chapter 2 for more information. 


Filter Templates 


To use traffic filters, it is important to understand the difference 
between a template and a filter. A traffic filter template is a reusable, 
predefined specification for a traffic filter. You create a traffic filter 
when you apply (save) a traffic filter template to one or more interface 
(circuit). 


A template contains a complete filter description but is not associated 
with an interface or circuit. Each filter template file holds specific 
filtering information (criteria, ranges, and actions). 


Note: A template contains criteria and actions for one protocol only. 


Creating Templates 


When creating a template, you first assign a name to the template file. 
It is a good idea to give each template a one-word descriptive name. 
For example, if you are building a template that is going to contain 
filtering information instructing the interface to drop all DECnet 
Phase IV traffic with a Source Node value of 3, name it decSnode3. 


Filter Templates 


After you name a template file, you select the criteria and address 
ranges for checking packets. You then select the action to impose on 
packets that match the specified criteria and ranges. 


After you specify filtering criteria, ranges, and actions, you save the 
template file, thus creating a traffic filter template. You can apply a 
single template to as many interfaces as you want. Once you create a 
template file, it exists for future use unless you delete it. 


For a detailed, step-by-step example of creating a filter template from 
scratch, follow the procedures in the “Preparing Filter Templates” 
section in Chapter 2. 


Applying a Template to an Interface 


When you want to add a filter to an interface, you have several options: 


qo Ifthere is a template that contains the exact filtering instructions 
that you want for this interface, you can apply (save) that template 
to this interface. 


o Ifthere is a template that contains filtering instructions similar to 
what you want, you can copy the template, rename it, and edit it. 
When you save the changes, you create a new template. You then 
apply the new template to the appropriate interface. 


a Ifthere is no template containing filtering instructions similar to 
what you want for this interface, you must create a template from 
scratch. The section “Preparing Filter Templates” in Chapter 2 
describes what to do if there is no existing template similar to what 
you want. 


o If there is already a filter applied to the interface with filtering 
instructions similar to what you want, you don’t need to use a filter 
template. You can edit the existing filter directly (see the section 
“Editing Filters” in Chapter 2). 


Because you create traffic filters on a per-protocol basis, you must 
become familiar with the specific criteria and actions each protocol 
uses for filtering. The next section describes criteria, ranges, and 
actions. If you are already familiar with them, go directly to Chapter 2. 
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Filtering Criteria, Ranges, and Actions 


As described in the previous section, all filters are created from 
templates, which consist of these three components: 


oq Criteria 


You select which incoming traffic to filter by specifying part of a 
packet, frame, or datagram header. The fields for filter criteria are 
protocol-specific. For example, in the Bridge protocol, you can 
specify the MAC (media access control) source address as a filtering 
criterion. This causes each incoming frame’s MAC source address 
to be inspected. 


go Ranges 


You specify a range of applicable addresses along with filtering 
criteria to further select traffic. There must be at least one range 
per criterion. (You specify a minimum and a maximum value for 
each range. When you enter values, the Configuration Manager 
assumes the value is a decimal number. To enter a hexadecimal 
number, you must use the prefix Ox. For example, if you specify the 
MAC source address as a filtering criterion, you must specify 
exactly which addresses to filter. If you specify 0x0000A2000001 as 
the minimum value and 0x0000A2000003 as the maximum value, 
all incoming packets would be checked to see if their MAC Source 
Address was between 0x0000A2000001 and 0x0000A2000003, 
inclusive.) 


Note: Arange can consist of just one value or it can be a set of values. 
If you want a range of only one value, enter only the minimum 
value; the system automatically uses the value entered for both 
the minimum and maximum and sets a range of one value. 


Filtering Criteria, Ranges, and Actions 


o Action 


An action defines what happens to incoming packets that match 
one of the selected ranges for every criterion in the filter. 


Actions are protocol-specific, except for the following three: 


— Accept 


Specifies that any frame that matches the filter will be 
accepted. 


Drop 


Specifies that any frame that matches the filter will be 
discarded. 


Log 


Specifies that for any frame that matches the filter, an event 
message will be recorded in the Event Log. The Log action can 
be combined with any other action; however, it should be used 
to record abnormal events only. Otherwise, the event log will fill 
up with filtering messages and thus become useless. 


The following sections describe each oe predefined filtering 
criteria and actions. 


Bridge Criteria and Actions 


Bridge filters are the most complex because they support multiple 
encapsulations and media types; you can create Bridge traffic filters to 
filter a number of predefined filtering criteria. Bridge filters also 
support user-defined criteria. 


You filter Bridge frames based on the header fields within each of the 
four supported encapsulation methods: 


o 


Oo 
O 
O 


Ethernet 
IEEE 802.2 logical link control (LLC) 
IEEE 802.2 LLC with SNAP header 


Novell® Proprietary 
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Figure 1-1 illustrates the header content of each supported 
encapsulation method. 


Ethernet Header IEEE 802.2 LLC Header 
MAC 

48-bit MAC destination address 48-bit MAC destination address 

48-bit MAC source address 48-bit MAC source address 

16-bit length/type is TYPE (> 1518) 16-bit length/type is LENGTH (<1519) 
8-bit DSAP 
8-bit SSAP 
8-bit Control 

IEEE 802.2 LLC w/SNAP Encapsulation Novell Proprietary Encapsulation 


MAC MAC | length/ 
vee 


48-bit MAC destination address 

48-bit MAC source address 

16-bit length/type is LENGTH (<1519) 

next 16 bits are all ones (part of IPX header) 


MAC MAC | lenat Ora. | Ether- 
‘ype | DSAP | SSAP ]Contol } Code | type 


48-bit MAC destination address 
48-bit MAC source address 

16-bit length/type is LENGTH (<1519) 
DSAP/SSAP/CTRL is OxAAAA03 
24-bit Organizational Code 

16-bit Ethertype 


Figure 1-1. Headers of Encapsulation Methods Supported by Bridge Filters 


Note: Only Ethernet encapsulations support a length/type criterion. 


Predefined Criteria 


Each encapsulation method has specific, predefined criteria for 
filtering frames. Table 1-1 shows the encapsulation support for each 
physical access medium. Table 1-2 illustrates the predefined filtering 
criteria for each encapsulation method. 


Filtering Criteria, Ranges, and Actions 


Note: Since all frame headers include both a MAC Destination 
Address and a MAC Source Address field, filtering on these two 
criteria is possible for all Bridge-supported encapsulations. 


Table 1-1. | Bridge-Supported Encapsulation/Media Matrix 


Encapsulation Method 


Table 1-2. Predefined Criteria for Bridge Filters 


Encapsulation sad 
Method Predefined Criteria 
All MAC Source Address 
| MAC Destination Address 


Ethernet Ethernet type 


802.2 


SNAP 


Length (Ethernet/802.3 and Point-to-Point only) 
SSAP 

DSAP 

Control 


Length 
Protocol ID/Organization code 
Ethertype 
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Note: There are no additional filtering criteria for Novell®; it allows 
filtering only on the MAC Source and MAC Destination 
Address. 


User-Defined Criteria 


In addition to basic filtering options, the Bridge lets you filter traffic 
based upon specified bit patterns contained within either the MAC or 
the datalink header. When creating a filter with user-defined criteria, 
you specify the reference, offset, and length of each criterion to 
describe the location of criteria on incoming packets. 


o Reference 


Positions the filtered bit pattern within the incoming frame. For 
the Bridge there are two reference points: the first is at the 
beginning of the MAC header, and the second is at the beginning of 
the datalink header. 


qa Offset 


Positions the filtered bit pattern (measured in bits) within either 
the MAC or the datalink header. 


gq Length 
Specifies the bit length of the filtered criteria. 


Tables 1-3 through 1-6 show the reference, offset, and length for the 
filtering criteria each encapsulation method supports. 


Table 1-3. Reference, Offset, and Length of Common Bridge Criteria 


Filtering Criteria, Ranges, and Actions 
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Table 1-4. Reference, Offset, and Length of Ethernet Encapsulation Criteria 


PBthentone MACS 


Table 1-5. Reference, Offset, and Length of 802.2 Encapsulation Criteria 


Table 1-6. Reference, Offset, and Length of SNAP Encapsulation Criteria 


Protocol [D/Organization DATA_LINK al 
Code 


After specifying the reference, offset, and length of your criterion, you 
specify one or more range. For more information, see the section 
“Specifying User-Defined Criteria” later in this chapter. 


Actions 


Inbound Traffic Filters: An Overview 


There are two Bridge-specific action in addition to the Accept, Drop, 
and Log actions common to all the protocols. They are 


Oo 


Flood 


Specifies that any frame that matches the filter will be forwarded 
onto all Bridge circuits except for the circuit from which it was 
received. 


Forward to Circuit List 


Specifies that any frame that matches the filter will be forwarded 
to certain circuits that you specify. 


Note that you can combine the Log action with any of the other actions. 
However, you should use Log only to record abnormal events; 
otherwise, the event log will fill up with filtering messages and thus 
become useless. 


IP Criteria and Actions 


You can filter IP frames based on the predefined header fields within 
the IP header. IP also supports user-defined criteria. 


Predefined Criteria 


The predefined filtering criteria for IP packets include 


Es ER Es ey YE A 


Type of Service 

IP Destination Address 
IP Source Address 
UDP Source Port 

UDP Destination Port 
TCP Source Port 

TCP Destination Port 


Protocol 
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User-Defined Criteria 


You can filter IP traffic based on specified bit patterns contained within 
the IP header or the header of the upper-level protocol (TCP or UDP, 
for example) conveyed within the IP datagram. 


When you create an IP filter with user-defined criteria, you specify the 
reference, offset, and length of each criterion to describe the location of 
criteria on incoming packets. 


o Reference 


Positions the filtered bit pattern within the incoming frame. There 
are two reference points: the first is Header Start, which is the 
beginning of the IP header; the second is Header End, which is the 
beginning of the UDP or TCP header. 


o Offset 


Positions the filtered bit pattern (measured in bits) within either 
the IP or the higher-level protocol header. 


o Length 
Specifies the bit length of the filtered criteria. 


Table 1-7 shows the reference, offset, and length of each IP criteria. 


Table 1-7. Reference, Offset, and Length of IP Filtering Criteria 


(A 
TiypeotSonice ‘HEADER START |S [8 
eset [ans [ref 
IP Source Address 8200 
TopemCP Sous Pon | HEADREREND [0 [18 


Actions 
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After specifying the reference, offset, and length of your criterion, you 
specify one or more range. For more information, see the section 
“Specifying User-Defined Criteria” later in this chapter. 


There are two IP-specific actions in addition to the Accept, Drop, and 
Log actions common to all the protocols. They are 


O 


Forward to Next Hop 


Specifies that any frame that matches the filter will be forwarded 
to the next-hop router. You must specify the IP address of the next- 
hop router. If the next-hop router is not reachable, any packets 
matching the filter will be forwarded normally unless you also 
specify Drop if Next Hop is Unreachable. 


If you specify 255.255.255.255 as the Next Hop, then any frame 
that matches this filter will be forwarded normally. 


Drop if Next Hop is Unreachable 


Specifies that if the address specified in Forward to Next Hop is 
unreachable, the frame is dropped. This action is valid only when 
Forward to Next Hop is in use. 


Note that you can combine the Log action with any of the other actions. 
However, you should use Log only to record abnormal events; 
otherwise, the event log will fill up with filtering messages and thus 
become useless. 


DECnet Phase IV Criteria and Actions 


Predefined Criteria 


You can filter DECnet Phase IV traffic only on predefined criteria. 


DECnet Phase IV predefined filtering fields include 
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Actions 


Destination Area 
Destination Node 


Source Area 


MO OO OF OQ 


Source Node 


Table 1-8 shows the reference, offset, and length of each DECnet 
predefined filtering criterion. 


Table 1-8. Reference, Offset, and Length of DECnet Filtering Criteria 


DECnet Phase IV filtering actions include only Accept, Drop, and Log. 


VINES Criteria and Actions 


You can configure VINES traffic filters to filter frames based on 
predefined fields within the VINES IP header. VINES also supports 
user-defined criteria. 


Predefined Criteria 


VINES predefined filtering fields include 
o ©Protocol Type 
o Destination Address 


o Source Address 
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User-Defined Criteria 


You can filter VINES traffic based on specified bit patterns contained 
within the VINES header. 


When you create a VINES filter with user-defined criteria, you specify 
the reference, offset, and length of each criterion to describe the 
location of criteria on incoming packets. 


Oo Reference 


Positions the filtered bit pattern within the incoming frame. There 
is one reference point for VINES: HEADER_START, which 
indicates the start of the VINES header. 


a Offset 
Positions the filtered bit pattern (measured in bits) within the OSI 
header. 

go Length 


Specifies the bit length of the filtered criteria. 


Table 1-9 shows the reference, offset, and length of the VINES 
predefined filtering criteria. 


Table 1-9. Reference, Offset, and Length of VINES Filtering Criteria 


After specifying the reference, offset, and length of a criterion, you 
specify one or more range. For more information, see the section 
“Specifying User-Defined Criteria” later in this chapter. 
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Actions 


VINES filtering actions include Accept, Drop, and Log. 


IPX Criteria and Actions 


You can configure IPX traffic filters to filter frames based on predefined 
fields within the IPX IP header. 


Predefined Criteria 


IPX predefined filtering fields include 
Destination Network 

Source Network 

Destination Socket 

Source Socket 


Destination Address 


Oo O OF OF OF 


Source Address 


Table 1-10 shows the reference, offset, and length of the [PX predefined 
filtering criteria. 


Table 1-10. Reference, Offset, and Length of IPX Filtering Criteria 


Destination Network HEADER START 


2 
Dastinaiven Address HEADER START 8000 48 


Source Socket HEADER START 


1-16 


Inbound Traffic Filters: An Overview 


Actions 


[PX filtering actions include only Accept, Drop, and Log. 


XNS Criteria and Actions 


You can configure XNS traffic filters based on predefined fields within 
the XNS IP header. XNS does not support user-defined filters. 


Predefined Criteria 


XNS predefined filtering fields include 
Destination Network 

Source Network 

Destination Socket 

Source Socket 


Destination Address 


Mm OG O O88 OF Q 


Source Address 


Table 1-11 shows the reference, offset, and length of the XNS 
predefined filtering criteria. 


Table 1-11. Reference, Offset, and Length of XNS Filtering Criteria 


HEADER START 48 32 
HEADER _ START 


Source Socket 


Filtering Criteria, Ranges, and Actions 


Actions 


XNS filtering actions include only Accept, Drop, and Log. 


Source Routing Criteria and Actions 


Predefined Criteria 
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You can configure Source Routing traffic filters to filter frames based 
on predefined fields within the Source Routing header. Source Routing 
filters also support user-defined criteria. 


Note: Source Routing includes two distinctly different types of frames 


(routed frames and explorer frames); keep in mind that any 
filter you create affects both types of frames. 


The predefined filtering fields for Source Routing filters include 


o 


OM OO OF Q 


Next Ring 

DSAP 

SSAP 

Destination MAC Address 
Source MAC Address 


Note: If you create a Source Routing filter that includes a Source or 


Oo 


O 


Destination MAC Address, you define the MAC Address in MSB 
(most significant bit) format. In addition, the source address 
you enter must have the 0x80 bit of the leftmost byte turned on 
to account for the RIF bit. (This bit indicates the presence of the 
Routing Information Field.) 


Destination NetBIOS Name 
Source NetBIOS Name 
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Note: If you create a Source Routing filter that includes a Source or 
Destination NetBIOS Name, you enter the NetBIOS name as 
the ASCII equivalent of the first 15 characters of the name. If 
the name is less than 15 characters, use ASCII spaces (0x20) to 
pad a name to 15 characters. 


User-Defined Criteria 


You can filter Source Routing traffic filters to filter traffic based upon 
specified bit pattern(s) contained within the Source Routing header. 


When you create a Source Routing filter with user-defined criteria, you 
specify the reference, offset, and length of each criterion to describe the 
location of criteria on incoming packets. 


o Reference 


Positions the filtered bit pattern within the incoming frame. For 
Source Routing there are three reference points: Next Ring, Header 
Start, and Data Link. 


o Offset 


Positions the filtered bit pattern (measured in bits) within either 
Next Ring or the MAC-level or datalink-level header. 


go 6Length 
Specifies the bit length of the filtered criteria. 


Table 1-12 shows the reference, offset, and length for Source Routing 
filtering criteria. 
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Filtering Criteria, Ranges, and Actions 


Actions 
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Table 1-12. Reference, Offset, and Length of Source Routing Filtering Criteria 


Field | Reference set | Length 
RewRing —=NERTRNG 0 
Destination MACAAivos | HEADER-START [O [#8 
psar Sata fos 
sar Pata 


Note: Creating a filter that includes Next Ring as a criterion affects 
only the routed frames. The Next Ring criterion does not affect 
explorer frames. 


After specifying the reference, offset, and length of a criterion, you 
specify one or more range. For more information, see the section 
“Specifying User-Defined Criteria” later in this chapter. 


Source Routing supports two Source Routing-specific actions in 
addition to the Accept, Drop, and Log actions common to all protocols: 


o Direct IP Explorers 


Specifies that any explorer frame that matches the filter will be 
sent to some number of IP addresses. You are required to specify 
these IP addresses. 


IP encapsulation must be configured for this action to be valid. If it 
is not configured, and a frame matches the filter, the frame will be 
flooded as if no filter existed. 
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a Forward to Circuits 


Specifies that any frame that matches the filter will be forwarded 
to certain circuits that you specify. 


OSI Criteria and Actions 


You can configure OSI traffic filters to filter frames based on predefined 
fields within the CLNP header. OSI also supports user-defined criteria. 


Predefined Criteria 


OSI predefined filtering fields include 
o Destination Area 

o ©6Destination System ID 

o Source Area 


o Source System ID 


User-Defined Criteria 


You can filter OSI traffic based upon specified bit pattern(s) contained 
within the CLNP header. 


When you create a filter with user-defined criteria, you specify the 
reference, offset, and length of each criterion to describe the location of 
criteria on incoming packets. 


Oo Reference 


Positions the filtered bit pattern within the incoming frame. There 
are three reference points for OSI: OSI_LBASE, which indicates the 
start of the CLNP header; OSIL_DEST, which indicates the start of 
the last two bytes of the Destination Area Address field; and 
OSI_SRC, which indicates the start of the last two bytes of the 
Source Area Address field. 
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Actions 
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o Offset 


Positions the filtered bit pattern (measured in bits) within the OSI 
header. 


o Length 
Specifies the bit length of the filtered criteria. 


After specifying the reference, offset, and length of a criterion, you 
specify one or more range. For more information, see the section 
“Specifying User-Defined Criteria” later in this chapter. 

Table 1-13 shows the reference, offset, and length of each OSI filtering 
criterion. 


Table 1-13. Reference, Offset, and Length of OSI Filtering Criteria 


rs Ce 
Destine ———~fOSTDEST “fo 
[Suwawe —jestsne fof 


OSI filtering actions include only Accept, Drop, and Log. 
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DLSw Criteria and Actions 


You can filter DLSw traffic based on predefined fields within the DLSw 
header, as defined in RFC 1434. DLSw also supports user-defined 
criteria. 


Predefined Criteria 


DLSw predefined filtering fields include 


O 


o 
O 
Oo 


Destination MAC Address 
Source MAC Address 
DSAP 

SSAP 


User-Defined Criteria 


You can filter DLSw traffic based upon specified bit pattern(s) 
contained within the DLSw header. When you create a filter with user- 
defined criteria, you specify the reference, offset, and length of each 
criterion to describe the location of criteria on incoming packets. 


Oo 


Reference 


Positions the filtered bit pattern within the incoming frame. There 
is one reference point for DLSw, DLS_BASE, which is the 
beginning of the DLSw header. 


Offset 


Positions the filtered bit pattern (measured in bits) within the 
DLSw header. 


Length 


Specifies the bit length of the filtered criterion. After specifying the 
reference, offset, and length of a criterion, you specify one or more 
range. For more information, see the section “Specifying User- 
Defined Criteria” later in this chapter. 


1-23 


Specifying User-Defined Criteria 


Actions 


Table 1-14 shows the reference, offset, and length of each DLSw 
filtering criterion. 


Table 1-14. Reference, Offset, and Length of DLSw Filtering Criteria 


ee 
aes 


SSAP DLS_BASE 


There is one DLSw-specific action in addition to the Accept, Drop, and 
Log actions common to all the protocols. 


Forward to IP Address specifies that any frame that matches the filter 
will be sent to some IP address. You are required to specify the IP 
address. 


Specifying User-Defined Criteria 
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When you use the Configuration Manager to create or edit a template, 
you usually add or edit filtering criteria (see Chapter 2). When you 
access the appropriate menu to add a criterion, each predefined 
filtering criterion is represented as an option in that menu. In addition 
to the predefined criteria, the menu provides a “User-Defined” criteria 
choice when creating a filter for most protocols. 


The User-Defined option allows you to set up specialized filtering 
criteria based on bit patterns within a packet’s header. 


Setting up user-defined criteria is similar to setting up predefined 
criteria, except you must specify the criterion’s location within the 
packet. (With predefined criteria, the locations are established.) 
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Therefore, there is one extra step (window) required to specify a user- 
defined criterion. 


When you select the User-Defined option, the Add User-Defined 
Criteria window appears (Figure 1-2). In this window, you specify the 
criterion’s location within the header. To do this, you set the criterion’s 
reference, offset, and length. Then, you specify a range associated with 
the bit criterion described by the reference, offset, and length. 


[o) Add User-Defined Criteria 


Name : 
BRIDGE - USER_DEFINED 
REF: 
OFFSET: 
LENGTH: 


<s 


Figure 1-2. Add User-Defined Criteria Window 


For example, suppose that you are bridging VINES traffic over 
Ethernet, and you want to drop all packets with a destination network 
number of 1234 (hex); you would set up filtering criteria as follows: 


1. Specify an Ethernet Type criterion of OxBAD (VINES). Ethernet 
Type is a predefined criterion. 
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2. Determine the reference, offset, and length values of the 
Destination Network criterion within the header (Figure 1-3). 


MAC Header § VINES Header 


Figure 1-3. VINES Header 


3. Set the reference, offset, and length in the Add User-Defined 
Criteria window, as follows: 


— Reference= MAC (beginning of frame) 


— Offset = 160 bits (sum of all criteria that precede the 
Destination Network field, or 48+48+16+16 
+ 16+8+8) 

— Length = 32 bits 


4. Specify the range to go with the criterion described by Reference, 
Offset, and Length. 


The procedures in Chapter 2 on adding, deleting, and editing ranges 
for predefined criteria are the same as the procedures for a user- 
defined criterion. 


Chapter 2 
Using the Configuration Manager 
to Apply Traffic Filters 


This chapter explains how to use the Configuration Manager tool to 
configure traffic filters. It explains how to: 


Display the Traffic Filters window 
Prepare filter templates 

Modify templates 

Create a filter 

Edit filters 

Delete filters 

Enable or disable a filter 


MO OF OF OF O OO Oo QQ 


Apply filter precedence 


This chapter assumes that you are familiar with protocol-specific 
filtering criteria and actions, and with setting up user-defined criteria 
if you intend to do so. Refer to Chapter 1 for information on these 
topics. 


For information on prioritizing protocols and configuring outbound 
filters, see Chapter 3, “Protocol Prioritization and Outbound Filters: 
An Overview,” and Chapter 4, “Using the Configuration Manager 

to Configure Priority Filters.” 
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Displaying the Traffic Filters Window 


Displaying the Traffic Filters Window 


To work with traffic filters for a particular interface, you must first 
display the Filters window for the circuit’s protocol by completing the 
following steps. 


1. Start at the Configuration Manager window (accessible from the 
Wellfleet Site Manager main menu). 


2. Select Circuits>Edit Circuits. 
The Circuit List window appears. 
3. Select the circuit to which you want to add a traffic filter. 


4, Click on the Edit button. The Circuit Definition window appears, 
with the circuit you just selected highlighted. 


5. Select Protocols>Edit (protocol) >Traffic Filters, as shown in 
Figure 2-1. 


[e] Circuit Definition 


Eile Lines Window 


Circuit Name: 


Figure 2-1. Selecting the Traffic Filters Menu 


The Filters window for the selected circuit and protocol appears 
(Figure 2-2). 
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ID Bridge Filters 


Filter Enable 


Filter Name 


Figure 2-2. Filters Window 


Note: The Filters window is protocol specific. In Figure 2-2, the 
selected circuit was configured with the Bridge protocol. The 
circuit does not yet have any traffic filters configured, so the 
Filters scroll box is empty. 


Preparing Filter Templates 


This section describes how to add a filter template to an interface by 
o Creating a new filter template or using an existing template 


qo Adding desired filtering criteria, ranges, and actions toa 
template 


The “Creating a Filter” section, later in this chapter, describes how to 
create a filter by applying (saving) a filter template to an interface. 
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Preparing Filter Templates 


Creating a New Template 


When you add a filter to an interface, you do not always need to create 
a new template. Often, you can begin with an existing template. Skip 
this section and go to the “Modifying Templates” section if there is 
already a filter template for the circuit you are configuring that 
includes filter information you might use. 


If there is no existing template to match your needs, you must first 
create a new template for your circuit. To create a new template from 
scratch, begin as follows: 


1. Start at the Filters window for your selected circuit (Figure 2-2). 
2. Click on the Template button. 


The Filter Template Management window appears, as shown in 
Figure 2-3. 


l@ Filter Template Management 


Templates: 


Rradsell tats 


Figure 2-3. Filter Template Management Window 


3. Click on the Create button. 
The Create Template window appears (Figure 2-4). 
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[el Create Bridge Template El 


Range Min: | Ma f 
a) ey] [va] [ie | [omer 


Figure 2-4. Create Template Window 


Note: The Create Template window is protocol specific. The example 
in Figure 2-4 shows the Create IP Template window; the 
window for other protocols is similar. 


4. Enter a name for the new template in the Filter Name box. 
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Preparing Filter Templates 


Give descriptive names to your templates. For instance, in this 
example, the template is named Bridge01to03 because it will 
contain information for filtering bridge frames from certain MAC 
source addresses (0x0000A2000001 to 0x0000A2000003). 


5. Click on the OK button to save the new template. 


To add filter criteria and actions, proceed to Step 6 in the “Modifying 
Templates” section below (skip the “Copying a Template” subsection). 


Modifying Templates 


There are two ways to change a filter template: 
o Copy the existing template, rename it, and then edit it. 


This preserves the original template and creates an entirely new 
template with the same criteria and actions. You can then modify 
the new version to suit your needs. 


o Edit the existing template. 


If you do not want or need to preserve the original template, you 
can edit it without first copying and renaming it. (Changing a 
template does not affect interfaces to which the template has 
already been applied.) 


To edit an existing template without preserving the original, proceed to 
Step 6 (skip the “Copying a Template” subsection). 


Copying a Template 


To duplicate an existing template, proceed with the steps below. 


Note: You can also edit or copy a template using a text editor. The 
Configuration Manager stores all templates in a file called 
template.flt. 


1. Start at the Filter Template Management window (Figure 2-3). 
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2. Ifthe Templates box in the Filter Template Management window is 
displaying the name of the template you want to copy, go to the 
next step. 


If the Templates box is not currently displaying the name of the 
template you want to copy, click on the Templates box. A menu 
displaying all existing templates appears; choose the template you 
want to copy. 


If there is no existing template to match your needs, you must first 
create a new template for your circuit, as described in the previous 
section, “Creating a New Template.” 


3. Click on the Copy Button. 
The Copy Filter Template window appears (Figure 2-5). 


[el Copy Filter Template 


Copy template BridgeQ1ted3 


Figure 2-5. Copy Filter Template Window 


4. Enter a name for the new template in the box provided. 


Remember that it is a good idea to give your template a name that 
reflects its contents. 


5. Click on the OK button. 


You are returned to the Filter Template Management window. The 
name you just assigned to the new template appears in the 
Templates box. 
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To edit filter criteria and actions, proceed to the next section, 
“Editing a Template.” 


Editing a Template 
Once you create or copy a template, you edit it to apply the filters you 
want. 
6. Start at the Filter Template Management window (Figure 2-3). 


7. Ifthe Templates box on the Filter Templates Management window 
is displaying the name of the template you want to edit, go to the 
next step. 


If the Templates box is not currently displaying the name of the 
template you want to edit, click on the Templates box. A menu 
displaying all existing templates appears; choose the template you 
want to edit. 


8. Click on the Edit button. 
The Edit Filter Template window appears (Figure 2-6). 


Note: The Edit Filter Template window is protocol specific. The 
example in Figure 2-6 shows the Edit Bridge Template window; 
the window for other protocols is similar. 
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fel Edit Bridge Template 


Filter Name: BridgeQltot3 


Filter Information: 
Bet ors: 
BRIDGE - DROP 


Criteria: 
BRIDGE — MAC SOURCE 
Ranges: 
0x 000042000001-0x0000482000003 
Ox 00004 2000008-0x 000042000008 


[Corea ele] | 


Figure 2-6. Edit Filter Template Window 


You modify a template by modifying, adding, or deleting filter criteria, 
ranges, and actions, as described in following subsections. 


Note: If you intend to work with user-defined criteria, refer to the 
section “Specifying User-Defined Criteria” in Chapter 1, which 
explains the special considerations of specifying user-defined 


criteria. 
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Preparing Filter Templates 


Adding Template Criteria 


To add filter criteria to a template, begin at the Edit Filter Template 


window. Refer to Chapter 1 if you are not familiar with protocol- 
specific filtering criteria and actions. 


1. Select Criteria>Add; then select the criterion that you want to 
filter packets. 


fel Edit Bridge Filters § 


lets SPFSMAC Destination Address J 
Data Link i 


Filter I ‘User-defined, .. 
Geet rst 2 | 


BRIDGE -— DROP 
Criteria: 
BRIDGE — MAC _SOURCE 
Ranges: 


OxN000aZ000001-0x0000az000003 
OxN000aZ000008-Ox0000az000008 


Figure 2-7. Selecting a Filter Criterion 
The Add Range window appears (Figure 2-8). For each criterion 


you choose, you must specify at least one range. You can add up to 
100 ranges for a filter criterion. 
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2. 
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Name: Bridgefltois 
Criteria: BRIDGE — MAC DESTINATION 


Minimum value | Ox0000a2z00001 | 


Maximum value | Oxd000a200003I 


Figure 2-8. Add Range Window 


Specify the low and high ends of the range you want to filter in the 
Minimum value and Maximum value boxes. 


If the range you want to add consists of just one value, specify that 
value in both boxes. In this example (Figure 2-8), the range for the 
MAC source address criterion is between 0x0000A2000001 (the 
minimum value) and 0x0000A2000008 (the maximum value). Each 
incoming packet will be checked to see if its MAC source address 
falls into this range of addresses. 


Note: When you enter values for minimum and maximum value, the 


3. 


Configuration Manager assumes the value is a decimal number. 
If you want to enter a hexadecimal number, you must use the 
prefix Ox. 


Click on the OK button. 


You return to the Edit Filter Template window. The new criterion 
and range appear in the Filter Information scroll box, as shown in 
Figure 2-9. 
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| Criteria Range Action Circuit Help 


Filter Name: Bridgedltot3 


Filter Information: 
Actions: 
BRIDGE - DROP 


Criteria: 
BRIDGE - MAC _SOURCE 
Ranges: 
Ox 000082000001-02000082000003 
Ox0000482000008-0x0000482000008 


BRIDGE -— MAC DESTINATION 
Ranges: 


[Tac [ry] [| [eet | [cs | 


Figure 2-9. Criteria List with Range Added 


4. When you are finished adding ranges, click on the OK button to 
return to the Template Management window. 
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Deleting Criteria 


If you want to remove a configured filter criterion from a template, 
begin at the Edit Filter Template window (Figure 2-6); then follow 
these steps: 


1. From the Filter Information scroll box, select the criterion you 
want to remove. 


2. Click on the Delete button. 


A Delete Criteria window appears (Figure 2-10). 


io Delete Criteria 


Delete criteria: 


BRIDGE - MAC DESTINATION : 


Figure 2-10. Deleting a Filter Criterion 


3. Click on the Delete button to confirm. 


You are returned to the Edit Filter Template window. The criterion you 
just deleted no longer appears in the Filter Information scroll box. 


Repeat this procedure for each criterion you want to delete from a 
template. 


Deleting Ranges 


If you need to delete a range from a template’s criteria, begin at the 
Edit Filter Template window (Figure 2-6); then complete the following 
steps. 


Note: You must have at least one range specified for each criterion. 
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1. From the Filter Information scroll box, select the range (listed 
beneath a criterion) that you want to delete. 


2. Click on the Delete button. 
A Delete Range window appears (Figure 2-11). 


Delete range: 


OxQQO0AZ000008-Ox 0000AZ000008 


Figure 2-11. Deleting a Range 
3. Click on the Delete button to confirm. 


The range you just deleted no longer appears in the Filter Information 
scroll box. Repeat this procedure for each range you want to delete 
from a template. 


Modifying a Range 
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If you need to change a range for a criterion, begin at the Edit Filter 
Template window (Figure 2-6); then complete the following steps. 


Note: You must have at least one range specified for each criterion. 


1. Select the range you want to modify by clicking on the range line 
inside the Filter Information box. 


For example, in Figure 2-12 you could select the range 
0x0000A200001 — 0x0000A200001 or the range 
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0x0000A20000B — 0x0000A20000B. The 0x0000A20000B — 
0x0000A20000B range is selected in this example. 


: Criteria Range Action Circuit 


Filter Name: BridgeQitot3 


Filter Information: 


Actions: 
BRIDGE - DROP 


Criteria: 
BRIDGE - MAC DESTINATION 


Ranges: 
Oxd000a2z00001-0x0000a200003 


Figure 2-12. Modify a Range 


2. With the range selected, click on the Modify button. 


3. Use the Range Min: and Max: value boxes (located near the bottom 
of the window, as shown in Figure 2-12) to specify a new low and 
high value for applying the selected filter criterion. 
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Note: When entering range values, you must use the prefix Ox to 
specify a hexadecimal number. : 


4. Click on the OK button when you are satisfied with the values for 
all criteria ranges. 


Specifying Template Actions 


To add, remove, or modify filter actions, begin at the Edit Filter 
Template window (Figure 2-6); then follow the applicable steps below. 


Adding an Action 


1. Select Action Add at the Edit Filter Template window; then, 
select the action you want to impose on packets that match any of 
the template’s ranges of filtering criteria. 


Figure 2-13 shows choosing the Drop action. 


fe] Create Bridge Template 


Criteria Range 


Filter Name: iBtists P8530: 


Filter Information: 


Actions: 
Criteria: 
BRIDGE — MAC DESTINATION 
Ranges: 


Figure 2-13. Choosing the Drop Action 
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You return to the Edit Filter Template window. The new criterion 


and range appear in the Filter Information scroll box, as shown in 
Figure 2-14. 


fel Edit Bridge Template 


ce cannibals 
(Criteria Range Action Circuit 


Filter Name: Bridgedlto(3 


Filter Information: 
Actions: 
BRIDGE — DRUE 


Criteria: 
BRIDGE - MAC SOURCE 
Ranges: 


0x000042000001-0x0000A2000003 
OxDOODAZON0O0S-0x0000A2Z000008 


BRIDGE - MAC_DRSTINATION 


es: 
020000a200001-0x0000a200003 


Range Man: fl Nex: | | 
oe] Dre] [| [ae | Co 


Figure 2-14. Actions List with New Action 


2. When you are finished adding actions to your template, click on the 
OK button. 


Creating a Filter 


Deleting an Action 


If you no longer want to include an action in a template, follow these 
steps to remove it: 


1. From the Filter Information scroll box in the Edit Template 
window, select the action you want to remove. 


2. Click on the Delete button. 


A Delete Action window appears, as shown in Figure 2-15. 


lel Delete Traffic Filter Action 


Delete action: 


BRIDGE - DROP ; 


+ 


Figure 2-15. Deleting an Action 
3. Click on the Delete button to confirm. 


The action you just deleted no longer appears in the Filter Information 
scroll box. 


Repeat this procedure for each action you want to delete from a 
template. 


Creating a Filter 


To create a traffic filter, complete the following steps: 


1. Start at the Filters window for your selected circuit and protocol, as 
described in the first section of this chapter, “Displaying the Traffic 
Filters Window.” Figure 2-2 shows the Filters window. 
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2. Click on the Create Filter button. The Create Filter window 
appears, as shown in Figure 2-16. 


f@ Create Filter ET) 


tes tine: [Id 


Templates: 
Rradgetil tots 


Figure 2-16. Create Filter Window 


3. In the Filter Name field, enter a meaningful name for the new 
filter. Also verify the name of the selected interface. 


4. With the appropriate interface and template specified, click on the 
OK button (and exit). 


You are returned to the Filters window (Figure 2-17). 
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Editing Filters 


ie Bridge Filters ET]: 


- 


#1 sample, bridge 


Filter Enable 
Filter Name 


Figure 2-17. New Filter Listed in Scroll Box 


In this example, the template selected in Figure 2-16 was applied 
to create a filter named sample.bridge on interface S51. 


Editing Filters 


Once you apply a filter to an interface, you can edit its criteria, ranges, 
and actions. If you’ve used a template that was edited to suit your 
needs, you don’t need to complete further edits. 


To customize a specific filter, you have the following options, described 
in subsequent sections: 


o Add or delete filtering criteria 
o Add, modify, or delete ranges 


o Add or delete actions 
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Complete the steps in applicable subsections below. 


1. 


Start at the Filters window for the circuit you are editing (Figure 2- 
2). 


If the scroll box is displaying the name of the filter you want to edit, 
go to the next step. 


If the scroll box is not currently displaying the name of the 
template you want to edit, click on the box. Amenu displaying all 
existing filters appears; choose the one you want to edit. 


Click on the Edit button. 
The Edit Filters window appears, as shown in Figure 2-18. 


Editing Filters 


Criteria Range Action Circuit Help 


Fiber Now: 


Criteria: 
BRIDGE -— MAC _SOURCE 
Ranges: 
0x 0000a2000001-0x0000az000003 
Ox 0000aZ000008-Ox0000aZz000008 


Range Min: Nex:[ 
a] | [a [tee | [ee 


Figure 2-18. Edit Filters Window 


Note: The Edit Filters window is protocol specific. The example in 
Figure 2-18 shows the Edit Bridge Filter window; the window 
for other protocols is similar. 
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Specifying Filter Criteria 


To add or remove filter criteria, begin at the Edit Filters window. 


Note: If you intend to work with user-defined criteria, refer to the 
section “Specifying User-Defined Criteria” in Chapter 1, which 
explains the special considerations of specifying user-defined 
criteria. 


Adding Criteria 


1. Select Criteria>Add; then select the criterion you want to use to 
filter packets. Figure 2-19 shows the MAC Destination criterion 


type. 


fe] Edit Bridge Filters 


= a ikstse TR LEAG Ree a6 
Aa llake SDEYIMAC ination Add 
hist: DEO Destination ress... 


| ‘Data Link . 
Filter I ‘User-defined, .. 


Aesth Ors 2 


BRIDGE — DROP 
Criteria: 
BRIDGE — MAC SOURCE 
Ranges: 


Ox N000aZ000001-Ox0000azZ 000008 
Ox d000azQ00008-Ox0000azZ 000008 


Figure 2-19. Adding a Filter Criterion 
The Add Range window appears (Figure 2-20). 


Note: For any criterion you choose, you must specify at least one 
range. You can add up to 100 ranges for each filter criterion. 


2-23 


Editing Filters 


[@ Add Range ET] 


Name: BridgeQlto3 
Criteria: BRIDGE - MAC DESTINATION 


Minimum value | 0x0000a200001 : 


Maximum value | 0x0000a2000035 ; 


Figure 2-20. Add Range Window 


2. Specify the low and high values of the criterion range in the 
Minimum value and Maximum value boxes. 


If the range you want to add consists of just one value, specify that 
value in both boxes. In this example (Figure 2-20), the range for the 
MAC destination address criterion is between 0x0000A2000001 
(the minimum value) and 0x0000A20000083 (the maximum value). 
Each incoming packet will be checked to see if its MAC destination 
address falls into this range of addresses. 


Note: When you enter values for minimum and maximum value, the 
Configuration Manager assumes the value is a decimal number. 
To enter a hexadecimal number, you must use the prefix Ox. 


3. Click on the OK button. 


You return to the Edit Filters window. The range you specified 
appears in the scroll box for the selected criterion. 


4, When you are finished adding ranges, click on the OK button to 
return to the Filters window. 
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Deleting Criteria 


If you don’t want a configured filter criterion, follow these steps: 


1. From the Edit Filter scroll box, select the criterion you want to 
delete. 


2. Click on the Delete button. 


You are returned to the Edit Filters window. The criterion you just 
deleted no longer appears in the scroll box. 


Repeat this procedure for each criterion you want to delete from a 
template. 


Deleting Ranges 


If you need to delete a range from a criterion, begin at the Edit Filters 
window (Figure 2-18); then, complete the following steps. 


1. From the scroll box, select the range (listed beneath a criterion) 
that you want to delete. 


2. Click on the Delete button. 


Modifying a Range 


If you need to change a range for a criterion, begin at the Edit Filter 
Template window (Figure 2-6) or the Create Template window 
(Figure 2-4); then complete the following steps. 


Note: You must have at least one range specified for each criterion. 


1. Select the range you want to modify by clicking on the range line 
inside the Filter Information box. 


For example, in Figure 2-21 you could select the range 
0x0000A200001 — 0x0000A200001 or the range 
0x0000A20000B — 0x0000A20000B. 


2. With the range selected, click on the Modify button. 
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Editing Filters 


(el Edit, Bridge Filters EI) 


Criteria Range Action Circuit 


BRIDGE - DROP 


Criteria: 
BRIDGE - MAC SOURCE 


Ranges: 
Ls Se 


Figure 2-21. Modifying a Range 


3. Use the Range Min: and Max: value boxes (located near the bottom 
of the window, as shown in Figure 2-21) to specify new low and high 
ends of the range for the selected filter criterion. 


Note: When entering range values, you must use the prefix Ox to 
specify a hexadecimal number. 
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Click on the OK button when you are satisfied with the values for all 
criteria ranges. 


Specifying Filter Actions 


To add, remove, or modify filter actions, begin at the Edit Filters 
window (Figure 2-18); then follow the applicable steps below. 


Refer to Chapter 1 for information about filter action options. 


Adding an Action 


1. Select Action> Add at the Edit Filters window; then select the 
action you want to impose on packets that match any of the 
template’s ranges of filtering criteria. 


Figure 2-22 shows choosing the Drop action. 


[] Edit Bridge Template 


Criteria Range 


Filter Name: = 


we 
s 


Filter Information: 
Git, TOris = 


a Forward to Circuits... 
Criteria: 


BRIDGE - MAC DESTINATTON 
es: 
Oxd00da200001-0x0000a2 00003 


Figure 2-22. Choosing the Drop Action 


2. When you are finished adding actions to your template, click on OK 
at the Edit Filters window. 


Deleting Filters 


Deleting an Action 


If you no longer want to include an action, follow these steps to remove 
it: 


1. From the scroll box in the Edit Filters window, select the action you 
want to remove. 


2. Click on the Delete button. 


The action you just deleted no longer appears in the Filter 
Information scroll box. 


Repeat these steps for each action you want to delete from a template. 


Deleting Filters 


If you want, you can delete filters from individual interfaces. 


Note: When you delete a filter, it affects only the interface from which 
the filter is removed. 


To delete a filter from an interface, complete the following steps: 


1. Start at the Filter window for the circuit from which you want to 
delete a filter, as described in the first section of this chapter, 
“Displaying the Traffic Filters Window.” Figure 2-2 shows the 
Filters window. 


2. Select the filter that you want to delete from the filter scroll box. 


Caution: There is no confirmation of a filter deletion; be sure to select 
a filter you are certain you want to delete. 


3. Click on the Delete button. 


The filter is deleted from the circuit and no longer appears in the 
scroll box on the Filters window. 
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Enabling or Disabling a Filter 


Instead of deleting a filter from a circuit, you may want to turn off the 
filter temporarily. You can do this by disabling the filter on a circuit. 
Later, you can re-enable the filter. Begin at the Wellfleet Configuration 
Manager window, and complete the following steps to disable (or re- 
enable) a filter. 


1. Start at the Filters window for the circuit you want to work with, 
as described in the first section of this chapter, “Displaying the 
Traffic Filters Window.” Figure 2-2 shows the Filters window. 

2. Select the filter that you want to disable or re-enable from the filter 
scroll box. 

3. Click on the Values button. 

The Values Selection window appears, as shown in Figure 2-23. 

4, When you want to re-enable the filter, simply change the value in 
the Filter Enable parameter box from Disabled to Enabled. 

5. Click on the OK button. 

You return to the Filters window. 

6. Click on the Apply button to save this change. 

io Values Selection 


Filter Enable 


@ ENABLED 
© DISABLED 


| OK | 


Figure 2-23. Enabling or Disabling a Filter 
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Applying Filter Precedence 


Create filters on each interface in order of precedence. The first filter 
you create has the lowest precedence; the last filter you create has the 
highest precdence. 


If possible, accomplish your filtering goals mainly with drop filters, 
since these result in faster router performance than accept filters do. 


If your filtering strategy involves forwarding most traffic and dropping 
only specified packets, configure filters only for the specific traffic you 
want to drop. 


If your strategy involves blocking most traffic and accepting only 
specified packets (a “firewall”), begin with a drop-all filter on the 
interface. Then add more specific, higher-precedence filters to achieve 
the desired result on the interface, as described in the next section. 


Using Drop-All Filters 
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The drop-all filter describes the broadest range of packets you want to 
block from an interface. To ensure that all unwanted traffic gets 
dropped, you should 


1. Choose criteria that appear in every packet of the protocol you want 
to filter. 


2. Determine the length of the field. 

3. Determine the maximum possible value of the range. 
4. Determine the minimum value of the range. 
5) 


Enter these values when you specify the drop-all filter. 


Once you specify a drop-all filter, you can then add higher-precedence 
filters to create exceptions (or “holes”) in the drop-all range. 


For example, to configure a circuit that only accepts IP traffic 
addressed for destination address 192.32.28.55, you apply a drop-all 
filter and one accept filter, as follows: 
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Filter Action 


Start of Range End of Range 


1 (highest) 192.32.28.55 192.32.28.55 
2 (lower) 192.32.25.00 192.32.28.255 


Figure 2-24 shows a more complicated example of this strategy: a drop- 
all filter working in combination with three higher-precedence filters 
on an interface. 


(split into address ranges) 


Highest 
precedence 


Filter 1 


xr pees 


Filter 2 | Drop range | Traffic 


filters 
applied 


Filter 3 Accept range 


Lowest 


Filter 4 Drop-all range precedence 


AID AID) A |D A D Filtered result 


Address range dropped = D 
Address range accepted = A 


Figure 2-24. Example Result of Applying Filter Precedence 
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The “Filtered result” shown in Figure 2-24 indicates address intervals 
over which the interface will drop or accept packets it receives. Note 
how the highest-precedence filter in a given address range determines 
the result of combined filtering within that range. 


Figure 2-25 shows how the Filters window displays the filters on an 
interface. The first filter has the highest precedence and a rule number 
of 1. Subsequent filters created on the interface have decreasing 
precedence. 


If the first filter on the interface (#1) accepts a packet and the second 
filter (#2) drops the same packet, filter #1 has precedence and the 
packet will be accepted. 


lel Bridge Filters li 


(4 


Help... | 


Filter Enable ENABLED iy 
Filter Name test_filter2 : : 


Figure 2-25. Filters Appearing in the Order of Precedence 
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If you need to change the order of precedence, complete the following 
steps: 


1 


io Change Precedence]: 


In the Filters window, select the filter for which you wish to change 
the precedence. 


Click on the Reorder button. 


The Change Precedence window appears, as shown in Figure 2-26. 


© INSERT BEFORE 
@ INSERT AFTER 


Precedence 


Number : | | 


Figure 2-26. Change Precedence Window 


3. 


Click on the button next to either INSERT BEFORE or INSERT 
AFTER. 


Type a number in the Precedence Number box to indicate which 

filter you should insert the selected filter before or after. For the 

example shown, if you wish to place the selected filter after filter 
number 1, type a 1in the Precedence Number box. 


Click on the OK button. 


You are returned to the Filters window. The filters are now shown 
in their new order of precedence. 
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Chapter 3 
Protocol Prioritization and Outbound Filters: 
An Overview 


This chapter includes 
q An overview of protocol prioritization and outbound priority filters 
qo Adescription of how protocol prioritization works 


q Instructions for tuning protocol prioritization to optimize 
performance on your network 


o Adescription of how priority filters work 
qo Alist of the predefined datalink and IP filtering criteria 
o Suggestions for ways you might use priority filters for protocol 


prioritization 


Chapter 4 provides instructions for using the Configuration Manager 
to configure priorities and filters. 


Protocol Prioritization and Outbound Filters 


Normally, a router transmits packets in a first-in/first-out (FIFO) 
order. Protocol prioritization allows you to instruct the router to use a 
different transmit order for certain packets on an individual 
synchronous-line interface. Using protocol prioritization, you can also 
configure outbound filters that instruct the router to drop certain 
traffic altogether. 
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You assign priorities or outbound filters based on packet type, packet 
length, or any criteria you can identify by an offset in the packet. 
Depending on how you configure priority for a packet, the router holds 
the packet in one of three priority queues: 


o High priority queue 
o Normal priority queue 


o Low priority queue 


The router drops packets to which you assign outbound filters. The 
packets with no assigned priority automatically go into the normal- 
priority queue. 


Generally, the router transmits traffic in the high-priority queue before 
traffic in the normal-priority queue, and transmits traffic in the 
normal-priority queue before traffic in the low-priority queue. 


Two other configurable values in the protocol prioritization scheme, 
however, also affect the transmission of traffic: quewe depth and line 
delay, or latency. Queue depth dictates the number of packets a priority 
queue can hold. Latency dictates the maximum time delay that high- 
priority traffic can experience. 


See “Tuning Protocol Prioritization for Your Network” later in this 
chapter for a complete description of queue depth and latency and 
their use in optimizing protocol prioritization on your network. 


Why You Would Use Protocol Prioritization 
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Protocol prioritization is useful when several different kinds of traffic 
share a synchronous-line resource. Time-sensitive, smaller-packet 
traffic (for example, DEC LAT or IP Telnet) may be delayed during the 
transmission of larger-packet traffic (for example, file transfers). This 
delay results in loss of connections and poor terminal response. 


Protocol prioritization solves this problem by allowing you to assign a 
high priority to the time-sensitive protocol traffic, thus instructing the 
router to transmit this traffic before normal- and low-priority traffic. 
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Outbound filters allow you to drop completely any traffic you do not 
want on the network. 


You can also use protocol prioritization to expedite traffic coming from 
a particular source or going to a certain destination. For example, if 
you want all traffic from the workstation with the source MAC address 
00:00:A2:00:00:12 to take precedence over other traffic, you can assign 
a high priority to any traffic with that source address. 


Example of Protocol Prioritization 


As an example of how protocol prioritization works, consider the 
network shown in Figure 3-1, and assume the following traffic 
conditions are typical: 


o File transfers from VAX1 to VAX 2 

o File transfers from SUN1 to SUN2 

o LAT sessions from TS1 to VAX2 

o Telnet sessions from SUN3 to SUN4 

You need to set up two priority filters to ensure that the router 
expedites LAT and Telnet traffic from LAN A to LAN B, so that the 
traffic is not delayed by the file transfers going from LAN A to LAN B. 
You apply these filters to Interface IF2, since prioritization is 


concerned with outbound traffic, and the direction of the traffic flow is 
from LAN A to LAN B. 
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Apply priority filter to this interface 


IF4 


Slow sync 
line 


Figure 3-1. Applying a Priority Filter in a Sample Network 


Figure 3-2 shows the priority filters you would assign. Note that these 
filters use predefined criteria. 


Priority Filter 1 (LAT) Priority Filter 2 (Telnet) 


Criteria: Criteria: 
Datalink, Ethernet Type IP, TCP Destination Port 


Range Range 
6004 to 6004 23 to 23 


Action: Action: 
High Queue High Queue 


Figure 3-2. Allotting High-Priority Status to LAT and Telnet Traffic 


Protocol Prioritization and Outbound Filters: An Overview 


How Protocol Prioritization Works 


As the router operates, network traffic from a variety of sources 
converges at the synchronous-line interface. The router sorts the traffic 
into the high, normal, or low queue according to the priority filters that 
you have configured on this interface. Or, if a queue is full, or you have 
configured an outbound filter, the router discards or clips the traffic. 


Protocol prioritization uses either a strict dequeuing algorithm or a 
bandwidth allocation algorithm to drain the priority queues and send 
the traffic to the transmit queue (the differences between the two 
algorithms are discussed in the next section, “Dequeuing Algorithms”). 
Figure 3-3 illustrates the relationship between the priority queues and 
the transmit queue. 


High priority queue 


| Low priority queue 


Transmit queue 
Latency = 250 ms 


Attached media 


20 = Queue depth 


Figure 3-3. Relationship between Priority Transmit Queues 


Dequeuing Algorithms 
This section describes the two dequeuing algorithms that protocol 


prioritization can use: the bandwidth allocation algorithm and the 
strict dequeuing algorithm. 
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Bandwidth Allocation Algorithm 
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By default, protocol prioritization uses the bandwidth allocation 
algorithm to send traffic to the transmit queue. The bandwidth 
allocation algorithm configures utilization percentages for each of the 
queues. When the amount of traffic the router has transmitted from a 
particular queue reaches the utilization percentage you have 
configured, the router transmits traffic in the next priority queue. 


By contrast, if the router uses the strict dequeuing algorithm and there 
is a great deal of high-priority traffic on the network, the router may 
never get the chance to transmit normal- and low-priority traffic. 


The bandwidth allocation algorithm works as follows: 


1. The transmit queue scans the high-priority queue. 


a. 


If there is traffic in the high-priority queue, the router empties 
all packets, up to the utilization percentage you have configured 
(the default is 70 percent), into the transmit queue and 
transmits them. 


If there is no traffic in the high-priority queue, the algorithm 
proceeds to step 2. 


2. The transmit queue scans the normal-priority queue. 


a. 


If there is traffic in the normal-priority queue, the router 
empties all packets, up to the utilization percentage you have 
configured (the default is 20 percent), into the transmit queue 
and transmits them. 


If there is no traffic in the normal-priority queue, the algorithm 
proceeds to step 3. 


3. The transmit queue scans the low-priority queue. 


a. 


If there is traffic in the low-priority queue, the router empties 
all packets, up to the utilization percentage you have configured 
(the default is 10 percent), into the transmit queue and 
transmits them. The algorithm starts again at step 1. 


If there is no traffic in the low-priority queue, the algorithm 
starts again at step 1. 
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Figure 3-4 illustrates the algorithm for bandwidth allocation 
dequeuing. 


Scan high- 
priority 
queue. 


Are 
there packets 
in the high-priority 
queue? 


Transmit all 
packets up to 
the utilization 
percentage. 


Scan normal- 
priority 
queue. 


Transmit all 
packets up to 
the utilization 
percentage. 


there packets in 
the normal-priority 


Scan low- 
priority 
queue. 


Are 
there packets 
in the low-priority 
queue? 


Transmit all 
YES packets up to 


the utilization 
percentage. 


NO 


Figure 3-4. Bandwidth Allocation Dequeuing Algorithm 
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How Protocol Prioritization Works 


Strict Dequeuing Algorithm 


3-8 


Protocol prioritization uses the strict dequeuing algorithm to send 
traffic to the transmit queue. This algorithm works as follows: 


1. The transmit queue scans the high-priority queue. 


a. 


If there is traffic in the high-priority queue, the router empties 
all packets, up to the hardware limit, into the transmit queue 
and transmits them. (The hardware limit is the maximum 
number of packets the router can queue to the transmit queue 
at one time. It is not a configurable number.) 


If the latency value or the hardware limit is reached, the 
transmit queue starts again, scanning and emptying traffic 
from the high-priority queue. 


If latency or the hardware limit is not reached, the algorithm 
proceeds to step 2. 


If there is no traffic in the high-priority queue, the algorithm 
proceeds to step 2. 


2. The transmit queue scans the normal-priority queue. 


a. 


If there is traffic in the normal-priority queue, the router 
empties all packets, up to the latency value, into the transmit 
queue and transmits them. 


If latency is reached, the transmit queue starts again at step 1, 
scanning and emptying traffic from the high-priority queue. 


If latency is not reached, the algorithm proceeds to step 3. 


If there is no traffic in the normal-priority queue, the algorithm 
proceeds to step 3. 


3. The transmit queue scans the low-priority queue. 


a. 


If there is traffic in the low-priority queue, the router empties 
all packets, up to the latency value, into the transmit queue and 
transmits them. At this point, whether or not latency is 
reached, the algorithm starts again at step 1. 


If there is no traffic in the low-priority queue, the algorithm 
starts again at step 1. 
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Figure 3-5 illustrates the strict dequeuing algorithm. 


Scan priority 
queues from 
high to low. 


Are 
there packets 
in the high-priority 
queue? 


Was the 
hardware 


Transmit all 
packets up to 
the hardware limit. 


latency 


reached? YES 


Are 
there packets in 
the normal-priority 
queue? 


Transmit all 
packets up to 
latency bytes. 


Was 
latency 
reached? 


Are 
there packets 
in the low-priority 
queue? 


Transmit all 
YES packets up to 


latency bytes. 


NO 


Figure 3-5. Strict Dequeuing Algorithm 
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Queue Depth 
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This section explains how to use queue depth and latency to achieve 
maximum protocol prioritization results for your network. 


Queue depth is the number of packets each queue can hold. The default 
value is 20 packets (regardless of packet size). 


When you configure the queue depth, you assign buffers (which hold 
the packets) to the queue. To determine whether there are enough 
buffers for the traffic flow on your network, examine the following two 
protocol prioritization statistics, which are kept for each priority 
queue: 


qo HiWater Packets Mark 
The greatest number of packets that have been in each queue. 
o Clipped Packets Count 


The number of packets the router has discarded from each queue. 
(The router discards packets from full priority queues.) 


Generally, if a queue’s Clipped Packets Count is high, and its HiWater 
Packets Mark is close to or equal to its queue depth, you have not 
assigned enough buffers to that queue. 


For example, suppose that you use the default queue depth (20 
packets) for all priority queues. Upon inspection of the statistics, you 
see that the high-priority queue’s Clipped Packets Count is 226, and its 
HiWater Packets Mark is 20 (Figure 3-6). 
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Queue Depth = 20 Queue Depth = 20 Queue Depth = 20 
Clip Count = 226 Clip Count = 0 Clip Count = 0 
HiWater Mark = 20 HiWater Mark = 10 HiWater Mark = 06 


HIGH NORMAL LOW 
Figure 3-6. Sample Statistics for the Priority Queues 


The statistics indicate that the high-priority queue has been full at 
least once and that the router has discarded 226 packets. To determine 
whether this is simply a transient condition caused by router startup 
or some other temporary network condition, you may want to reset the 
Clipped Packets Count and HiWater Packets Mark (you reset the 
statistics by selecting the Zero Totals option on Site Manager’s Protocol 
Prioritization Statistics window) and check them again later. 


If you check the statistics later and they have similar values, you can 
conclude that you have not assigned enough buffers to the high- 
priority queue for the amount of high-priority traffic on this interface. 


You can do one of two things to alleviate this problem. The first option 
is to reconfigure the queue depths. Looking at the statistics of the 
normal- and low-priority queues, you find that the low-priority queue 
has a Clipped Packets Count of zero, and a HiWater Packets Mark of 
six. Thus, there have never been more than six packets in the low- 
priority queue, and the router has not discarded any packets. 


At this point, you may choose to reconfigure the low-priority queue 
depth to ten, and increase the high-priority queue depth to 30. To see 
whether this reallocation solves the problem, reset the Clipped Packets 
Count and HiWater Packets Mark counters and check them again 
later. 


Your second option is to remove the high-priority status of some traffic. 
You should be selective in assigning high-priority status. If there are 
too many traffic types with high-priority status, the high-priority 
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traffic could delay the normal- and low-priority traffic, especially if you 
use the strict dequeuing algorithm (see the “Dequeuing Algorithms” 
section, earlier in this chapter, for descriptions of the two algorithms 
the router can use to transmit traffic). 


Latency, or line delay, specifies how many normal- or low-priority bytes 
the router can allocate to the transmit queue (the queue that scans and 
drains the priority queues and transmits traffic) at any one time. 
Latency determines, therefore, the greatest delay that a high-priority 
packet can experience. 


Latency is based on the line speed of the attached media. The following 
formula illustrates the relationship between line speed, bits queued, 
and the latency value: 


Bits queued 


Latency = ———_______—- 
Line speed (bits/sec) 


The default value for latency is 250 ms. This value allows good 
throughput and also preserves rapid terminal response (rapid echoing 
of keystrokes and timely response to commands) over most media. You 
can change the default latency value. Keep in mind, however, that if 
you configure a higher latency value (thus allowing more room on the 
transmit queue), the throughput becomes greater, but you sacrifice 
terminal response. We recommend accepting the default value of 

250 ms. 


Table 3-1 shows the number of packets of a given size that the router 
can queue to the transmit queue in order to achieve a latency of 250 ms 
over different types of media. Note that the information in this table is 
based on 90 percent bandwidth utilization. 
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Table 3-1. Maximum Number of Packets Queued to Achieve 250-ms Latency 


Number of Packets T1 
Queued Latency = 250 ms 1.544 MB/s 56 KB/s 9.6 KBs 


60 bytes (small pkt) 643 pkts 23 pkts 4 pkts 


1514 bytes (Ethernet) 25 pkts 0 (.92) pkts 0 (.16) pkts 
4096 bytes (FDDI) 0 (.34) pkts | 0 (.06) pkts 


Priority Filters 


This section describes priority filters and templates and the 
parameters you specify to configure them. 


When you configure protocol prioritization or outbound filters, you 
configure a priority filter; that is, a set of conditions and an action that 
you apply to a circuit or interface. 


To use priority filters, it is important to understand the difference 
between a template and a filter. A filter template is a reusable, 
predefined specification for a filter. A template contains a complete 
filter description but is not associated with an interface or circuit. 


Each supported protocol allows up to 31 filters per interface. As filters 
are added to an interface, they are numbered chronologically in the 
following fashion: rule #1, rule #2, rule #3, and so on. 


The order in which you add filters to an interface determines the filter 
precedence. The first filter has the highest precedence and a rule 
number of 1. Subsequent filters have decreasing precedence. If two 
filters apply to the same packet, but the first filter on the interface 
(rule # 1) accepts the packet and the second filter (rule # 2) drops the 
packet, rule # 1 has precedence and the packet will be accepted. See 
the section “Applying Filter Precedence” in Chapter 4 for more 
information. 
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Creating Templates 


Each filter template file holds specific filtering information (criteria, 
ranges, and actions). 


You create a filter when you apply (save) a template to one or more 
interface (circuit). You can apply a single template to as many 
interfaces as you want. Once you create a template file, it exists for 
future use unless you delete it. 


When you create a template, you first assign it a name. It is a good idea 
to give each template file a one-word descriptive name. For example, if 
you are building a template that is going to contain filtering 
information instructing the interface to queue all LAT traffic to the 
high queue, you may want to name the template something like 
LAThigh. 


After you name a template file, you select criteria and address ranges 
for checking packets. You then select the action to impose on packets 
that match the specified criteria and ranges. 


Once you specify filtering criteria, ranges, and actions, you save the 
template file, thus creating a filter template. When you add this 
template to an interface, you have created a priority filter on that 
interface. 


For a detailed, step-by-step example of creating a filter template from 
scratch, follow the procedures in Chapter 4. 


Adding a Filter to an Interface 
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When you want to add a priority filter to an interface, you have several 
options: 


o Ifthere is a template that contains the exact filtering instructions 
that you want for this interface, you can apply (save) that template 
to this interface. 


o Ifthere is a template that contains filtering instructions similar to 
what you want, you can copy the template, rename it, and edit it. 
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When you save the changes, you create a new template. You can 
then apply the new template to any interface for which its filtering 
instructions are appropriate. 


qo Ifthere is no template containing filtering instructions similar to 
what you want for this interface, you must create a template from 
scratch. 


o Ifthere is an existing priority filter on the interface that contains 
filtering instructions similar to what you want, you don’t need to 
use a filter template. You can edit the existing filter directly and 
save it. 


Refer to Chapter 4, “Using the Configuration Manager 
to Configure Priority Filters” for instructions on each of these options. 


Note: Because you create filters on a per-protocol basis, you must 
become familiar with the specific criteria and actions used for 
filtering by each protocol before applying filters. The next 
section describes criteria, ranges, and actions. 


Filtering Criteria, Ranges, and Actions 


Filters include three components: 
o Criteria 


Filtering criteria are parts of a packet, frame, or datagram header 
that you specify to be checked on each frame. Each filtering 
criterion has one or more ranges associated with it. 


o Range 


A range is associated with a filtering criterion. There must be at 
least one range per criterion. A range can be just one value, or it 
can be a set of values. You specify a minimum and a maximum 
value for each range. For example, if you specify MAC Source 
Address as a filtering criterion, you must specify which address(es) 
to filter. You could specify 0x0000A2000001 as the minimum value 
and 0x0000A2000008 as the maximum value. Then the router 
would check all outgoing packets to see whether their MAC source 
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address is between 0x0000A2000001 and 0x0000A20000038, 
inclusive. If you want a range of only one value, enter only the 
minimum value; the system automatically uses that value for both 
the minimum and maximum and sets a range of one value. 


og Action 


An action determines what happens to outgoing packets that match 
one of the ranges for every criteria in the filter. Actions are 


High — Any frame matching the filter is queued to the high queue. 
Low — Any frame matching the filter is queued to the low queue. 


Length — Once a frame has matched the filter, the frame’s length 
determines the priority queue into which it is placed, based on 
levels you select. 


Accept — Any frame that matches the filter is accepted. 
Drop — Any frame matching the filter is dropped. 


Log — Any time a frame matches the filter, the router sends notice 
of that match as an event to the system Events log. You can specify 
Log in combination with High, Low, or Drop, or Length. 


You can select only one Action per criteria. Actions are mutually 
exclusive, except the Log Action. 


Note: The router automatically queues any frame that does not match 
a filter to the normal queue. 
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When you create a priority or outbound filter, you have the option of 
using either predefined criteria or user-defined criteria. The following 
sections describe 


o Predefined criteria for the datalink header 
oq Predefined criteria for IP traffic 


o User-defined criteria 
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Datalink Predefined Criteria 


You can configure priority or outbound filters based on the predefined 
datalink criteria listed in Table 3-2. 


Table 3-2. Predefined Criteria for Datalink Header 


Packet Type or Predefined Criteria 
Component 


Datalink Type MAC Source Address* 
MAC Destination Address* 
Ethernet Type 

Novell 

802.2 Length 

802.2 DSAP 

802.2 SSAP 

802.2 Control 

802.2 SNAP Length 

802.2 SNAP Protocol ID 
802.2 SNAP Ethernet Type 


Source Routing DSAP 
SSAP 


Frame Relay Two-byte DLCI 
Three-byte DLCI 
Four-byte DLCI 
NLPID 
Ethernet Type 


* Enter Source-Routed MAC Addresses in the following format: 


Wellfleet Standard Canonical format 
PPP MSB format 
Frame Relay WF Proprietary Canonical format 
Frame Relay Standard MSB format 
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IP Predefined Criteria 


3-18 


You can configure priority or outbound filters based on the predefined 
IP criteria listed in Table 3-3. 


Table 3-3. Predefined Filter Criteria for IP Traffic 


Packet Type or Predefined Criteria 
Component 


(‘THaee °° | Header Type wuectserace,=~=~*«=<“‘ ‘*~*S*é“‘“‘é$#!TC;*;™;™;C*S Service 

IP Source Address 

IP Destination Address 
UDP/TCP Source Port 
UDP/TCP Destination Port 
Protocol 


Destination Address* 
Source Address* 
SSAP 

DSAP 


Frame Relay Two-byte DLCI 
Three-byte DLCI 
Four-byte DLCI 

NLPID 


Source Routing 


* Enter Source-Routed MAC Addresses in the following format: 


Wellfleet Standard Canonical format 
PPP MSB format 
Frame Relay WF Proprietary Canonical format 
Frame Relay Standard MSB format 
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User-Defined Criteria 


You can configure priority or outbound filters based on specified bit 
patterns in the packet header. To create a priority filter on user-defined 
criteria, you specify Reference, Offset, and Length, which together 
describe the location of the criteria in the outgoing packet, as follows: 


o Reference 
Positions the filtered bit pattern within the outgoing frame. 
o Offset 


Positions the filtered bit pattern (measured in bits) in relation to 
the reference point. 


o 6©Length 
Specifies the bit length of the filtered criteria. 


After specifying the reference, offset, and length of the criteria, you 
specify one or more ranges for that criteria. 


Table 3-4 defines the datalink reference points; Figures 3-7 and 3-8 
show examples of where those reference points are located on a packet. 
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Table 3-4. Datalink Reference Points 


MAC Points to the high-order byte of the destina- 
tion address. 

DATA_LINK Points to the first byte after the length/type 
criteria (Data Link Header). 


WAN _ HEADER START Points to the beginning of the header (begin- 
ning of the packet) for PPP and Frame 
Relay. 


WAN_HEADER_END 


FR_MPE 


SOURCE_ROUTE_START 
destination address. 


SOURCE_ROUTE_DATA_ Points to the first byte after the RIF field. 
LINK 


MAC DATALINK 


MACDA | MACSA =i DSAP | SSAP_ | CONTROL 


Figure 3-7. Datalink Reference Points on an IEEE 802.3 LLC Header 


Points to the first byte after DLCI in frame 
relay and the first byte after the protocol ID 
in PPP. 


Points to NLPID. (Used in Frame Relay 
only.) 


Points to the beginning of the source routing 
packet, which is the high-order byte of the 
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WAN_HEADER_START FR MPE 


WAN_HEADER_END 


OX03 joo 00 80 00 80 C2 00 07 LENGTH DSAP 


SOURCE _ _ START 


SOURCE_ROUTE_DATA_LINK 


Figure 3-8. Datalink Reference Points on a Source Routing Packet Bridged over 
Frame Relay 


Table 3-5 defines the IP reference points, and Figure 3-9 shows an 
example of where those reference points are located in a packet. 
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Table 3-5. IP Reference Points 


[HEADER START  — START Points to Ponterothe arstbeiathe Picadas, first byte in the IP header. 
HEADER_END Points to the first byte after the IP header. 


WAN_HEADER_START Points to the beginning of the header (begin- 
ning of the packet) for PPP and Frame 
Relay. 


Points to the first byte after DLCI in Frame 
Relay and the first byte after the protocol ID 
in PPP. 


WAN_HEADER_ END 


SOURCE_ROUTE_START 


Points to the beginning of the source routing 
packet, which is the high-order byte of the 
destination address. 


SOURCE_ROUTE_DATA Points to the first byte after the RIF field. 
LINK 


| 
| 
| 


WAN_HEADER_START SOURCE_ROUTE_DATA_LINK 


SOURCE_ROUTE_START 


WAN_ “\ END 


HEADER ee HEADER_END 


Figure 3-9. IP Reference Points on a PPP Packet with IP Encapsulated 
Source Routing 
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Example of User-Defined Filter 


Suppose that you are bridging VINES traffic over Ethernet, and you 
want all packets with a destination network number of 1234 (hex) to 
take precedence over all other traffic. You would complete the following 
steps to set up filtering criteria (for specific instructions on using 
Configuration Manager to set up filters, see Chapter 4). 


1. Specify an Ethernet Type field of OxBAD (VINES). Ethernet Type is 
a predefined criteria. 


2. Determine the reference, offset, and length values of the 
Destination Network field within the header (Figure 3-10). 


MAC Header | VINES Header 
g—_________—_____ | -_—________—__» 


Figure 3-10. VINES Header 
3. Set Reference, Offset, and Length as shown in Table 3-6. 


Table 3-6. Reference, Offset, and Length Values 


MAC (beginning of frame) 


Offset 160 bits (sum of all criteria that precede the 
Destination Network field, or 
48+48+16+16+16+8+8) 
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4. Specify the range to go with the criteria described by Reference, 
Offset, and Length. In this case, you would specify 0x1234 for both 
the minimum and maximum values. 


Implementation Notes 


This section provides some suggestions about ways to use outbound 
filters for protocol prioritization. 


IP and Datalink Filters for Common Criteria 


To configure outbound filters for criteria held in common by IP and 
datalink, create two filters: one for the IP type and the other for the 
datalink. To configure a filter to apply to either IP or datalink only, 
create one filter of the appropriate type. 


Example 


If you want a rule with a priority of High for all Frame Relay traffic 
with DLCI 400, create filters for both IP and datalink using the DLCI 
criterion and a range of 400 to 400. 


Protocol Prioritization, Outbound Filters, and Dial Backup 


If you want to configure protocol prioritization or outbound filters on a 
synchronous line for which you have configured a backup line, please 
keep the following considerations in mind: 


o Ifthe primary line is running PPP and the line fails, the router 
automatically transfers all the priorities and outbound filters you 
have configured on the primary line to the backup line. 


o Ifthe primary line is running a wide-area protocol other than PPP 
and the line fails, the router does not transfer any datalink 
priorities or outbound filters to the backup line. You must manually 
configure datalink priorities and outbound filters on the backup 
line after that line is activated. The router does transfer IP 
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priorities or outbound filters to the backup line, no matter what 
protocol was running on the primary line. 


Note: Be careful when configuring priorities and filters on the backup 
line. As soon as the primary line is reactivated, it uses the 
priorities and filters you configured for the backup line. These 
priorities and filters may be completely inappropriate for the 
protocol running on the primary line. 


Prioritizing LAT Traffic 
To prioritize your LAT traffic, create a priority filter with the following 
information: 
go Criteria: Datalink, Ethernet Type 
o Range: 6004 to 6004 
qo ©6Action: High Queue 


Prioritizing Telnet Traffic 


To prioritize your Telnet traffic, create a priority filter with the 
following information: 


o Criteria: IP, TCP Destination Port 
o Range: 23 to 23 
o Action: High Queue 


Prioritizing RIP Traffic 


To prioritize your RIP traffic, create a priority filter with the following 
information: 

o Criteria: IP, UDP Destination Port 

o Range: 520 to 520 


o ©6Action: High Queue 
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Prioritizing OSPF Traffic 
To prioritize your OSPF traffic, create a priority filter with the 
following information: 
o Criteria: IP, Protocol Type 
o Range: 89 to 89 
o Action: High Queue 


Prioritizing OSPF/BGP Traffic 
To prioritize your OSPF/BGP traffic, create a priority filter with the 
following information: 
o Criteria: IP, Type of Service 
o Range: Oxe0 to Oxe0 
o ©6Action: High Queue 


Prioritizing Spanning Tree Traffic 
To prioritize your Spanning Tree traffic, create a priority filter with the 
following information: 
o Criteria: Datalink, DSAP/SSAP/Control 
a Range: 0x42 to 0x42 | 0x42 to 0x42 | 0x03 to 0x03 
Oo Action: High Queue 


Prioritizing Native Source Routed Bridge Traffic 


To prioritize your native SRB traffic, create a priority filter with the 
following information: 

o Criteria: Datalink, SNAP, Ethertype 

o Range: 8101 to 8101 


o Action: High Queue 
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Prioritizing IP Encapsulated Source Routed Bridge Traffic 
To prioritize your IP encapsulated SRB traffic, create a priority filter 
with the following information: 
o Criteria: IP, UDP Destination Port 
o Range: 12288 to 12288 
o Action: High Queue 


Prioritizing Source Routed SNA Traffic 
To prioritize your SRB SNA traffic on Wellfleet Standard, PPP or 


Frame Relay, create a priority filter with the following information: 
o Criteria: Source Route, DSAP/SSAP 
o Range: 04 to 04 | 08 to 08 | 0c to 0c 


o Action: High Queue 
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Chapter 4 
Using the Configuration Manager 
to Configure Priority Filters 


This chapter describes how to use the Configuration Manager tool to 
configure priority filters and edit interface-specific protocol 
prioritization parameters. 


To configure traffic filters, see Chapter 2, “Using the Configuration 
Manager to Apply Traffic Filters.” 


Configuring Priority Filters 


To configure priority filters, you first display the Configuration 
Manager’s Priority/Outbound Filters window, as described in the next 
section. Then, use the Priority/Outbound Filters window as follows: 


O 


Create, copy, or edit a filter template as described in “Preparing 
Filter Templates.” 


Apply a filter template to an interface as described in “Creating a 
Filter.” 


Change the filtering order as described in “Applying Filter 
Precedence.” 


Temporarily disable or enable a filter as described in “Enabling or 
Disabling a Priority Filter.” 


Remove a filter from an interface as described in “Deleting a 
Priority Filter.” 
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Displaying the Priority/Outbound Filters Window 
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To configure outbound priority filters for a particular interface, you 
must first display the Priority/Outbound Filters window for the 


circuit’s protocol. 


Complete the following steps: 


1. From the Configuration Manager window, select Circuits Edit 
Circuits. The Circuit List window appears. 


2. Select a circuit interface. 


8. Click on the Edit button. The Circuit Definition window appears. 


4. Ifyou have already added protocol prioritization to the circuit, go to 


Step 7. 


If there has never been a protocol priority on the circuit, select 
Protocols>Add/Delete. The Select Protocols window appears. 


5. Scroll down the list of protocols to select Protocol Priority, as shown 


in Figure 4-1. 


Io Select Protocols 


Protocols 


C1 XN 
Cl -RIP(ANS) 
CJ AppleTalk 

CiSource Routing 
<] = =SK Span Tree 
Cl Translate/LB PY 
M Protocol Priority 
£1 Os I 
LLC 
2) DLSw 


Figure 4-1. Selecting Protocol Priority from Protocols List 
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6. Click on the OK button. 
The Circuit Definition window appears. 


7. Select Protocols>Edit Protocol Priority>Priority/Outbound Filters, 
as shown in Figure 4-2. 


fo] Circuit Definition 


Lines Window 


Add/Delete PF | 
Contd rait Bridge p 


Edit Protocol Priority p/ Interface... 
Protd OTS. " . ' - fn 
Bridge Priority/Outbound Filters, .. 


Protocol Priority 


Circuit Name: 


Figure 4-2. Selecting the Priority/Outbound Filters Window 


The Priority/Outbound Filters window appears (Figure 4-3). 


(@ Priority/Outbound Filters Ell: 


am: +o 
a: eee 
i! ce 

am: eee 


Filter Enable 


Filter Name | : 


Figure 4-3. Priority/Outbound Filters Window 
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Proceed now to the appropriate section: 

o “Preparing Filter Templates” 

“Creating a Filter” 

“Applying Filter Precedence” 

“Enabling or Disabling a Priority Filter” 


oO OF OF OQ 


“Deleting a Priority Filter” 


Preparing Filter Templates 


To add a filter template to an interface: 
o Create a new filter template or use an existing template. 


a Add desired filtering criteria, ranges, and actions to a template. 


See the “Creating a Filter” section to apply (save) a filter template to 
an interface. 


Prepare a template to use with a selected interface as follows: 
1. Start at the Priority/Outbound Filters window (Figure 4-3). 
2. Click on the Template button. 
The Filter Template Management window appears (Figure 4-4). 


[el Filter Template Management El] 
Templates: 


Figure 4-4, Filter Template Management Window 
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Decide whether to create a new template or use an existing 
template. More often than not, you will be able to use existing 
templates to build new ones. 


If a filter template exists with information you might use, you can 

copy or modify the existing template; you don’t need to create a new 
one. Skip the next section,“Creating a New Template,” and go now 
to the steps in “Copying a Template.” 


If no existing template matches your needs, you must first create a 
new template for your circuit as described in the next section. 


Creating a New Template 


A. 


At the Filter Template Management window (Figure 4-4), click on 
the Create button. 


The Create Priority/Outbound Template window appears 
(Figure 4-5). 


Enter a descriptive name for the new template in the Filter Name 
box. 


Click on the OK button to save the new template. 
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fe Create Priority/Outbound Template 
(Criteria Range Action 


Figure 4-5. Create Priority/Outbound Template Window 


8. Proceed with the steps in “Editing a Template.” Skip the next 
section, “Copying a Template.” 
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Copying a Template 


When you want to add a filter to an interface, you do not always have 
to create a new template. You can do one of two things to use an 
existing template: 


Oo 


Copy the existing template, rename it, and then edit it. 


This preserves the original template and creates an entirely new 
template with the same criteria and actions. You can then modify 
the new version to suit your needs. 


Edit the existing template. 


If you do not want or need to preserve the original template, you 
can edit it without first copying and renaming it. (Changing a 
template does not affect interfaces to which the template has 
already been applied.) 


To duplicate an existing template, proceed with the steps below. 


To edit an existing template without preserving the original, proceed 
with the next section, “Editing a Template.” 


Note: You can also edit or copy a template using a text editor. The 


1. 
2. 


Configuration Manager stores all templates in a file called 
template. fit. 


Start at the Filter Template Management Window (Figure 4-4). 


If the Filter Template Management box is displaying the name of 
the template you want to copy, go to the next step. 


If the Filter Template is not currently displaying the name of the 
template you want to copy, choose the template you want to copy. 


If there is no existing template to match your needs, you must first 
create a new template for your circuit, as described in the previous 
section. 
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3. Click the Copy Button. The Copy Filter Template window appears 


(Figure 4-6). 


lel Copy Filter Template 


Copy template Bridgetltot3 


Figure 4-6. Copy Filter Template Window 


4. 


Enter a name for the new template in the box provided. (Remember 
to give your template a name that reflects its contents.) 


Click on the OK button. 


You are returned to the Filter Template Management window. The 
name you just assigned to the new template appears in the 
Templates scroll box. 


Proceed to “Editing a Template” to customize the new template. 


Once you create or copy a filter template, you can edit the template to 
apply the filters you want. 


If you want to use the template without editing it, skip this section and 
go on to “Creating a Filter.” 


1. 
2. 


Start at the Filter Template Management window. 


Select the name of the template you want to edit in the Template 
scroll box. 


Click on the Edit button. 


The Edit Priority/Outbound Template window appears 
(Figure 4-7). 
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You modify the template by adding, modifying, or deleting filter 
criteria, ranges, and actions, as described in the following sections: 


o “Adding Template Criteria” 

qo “Adding Template Actions” 

gq “Modifying a Template Range” 
q 


“Deleting Template Criteria, Ranges, and Actions” 


ie Edit Priority/Outbound Template 
Criteria Range Action 


Filter Name: dropbridge 


Filter a 
ae PRIORY DATALINE. — DROP 


Criteria: 
PRIORITY DATALINK - MAC SOURCE 


Ranges: 
0x00004200021-0x 00004200023 


nT meee tS Cenne 


Figure 4-7. Edit Priority/Outbound Template Window 


4-9 


Configuring Priority Filters 


Adding Template Criteria 


To add filter criteria to a template, begin at the Edit Priority/Outbound 
Template window (Figure 4-7). 


1. Select Criteria>Add; then select either Datalink or IP and the 
protocol-specific criterion you want to add. 


The Add Range window appears (Figure 4-8). 


Note: You must specify at least one range for each criterion. 


l@l Add Range El] 


Name: . drop, sample 
Criteria: PRIORITY _DATALINK - MAC_DESTINATION 


Minimum value | a 
pxina vane [J] 


Figure 4-8. Add Range Window 


2. Inthe Minimum value and Maximum value boxes, specify the low 
and high values of the range you want to filter. 


If the range you want consists of just one value, specify that value 
in both boxes. 


Note: When you enter values for minimum and maximum value, the 
Configuration Manager assumes the value is a decimal number. 
You must use the prefix Ox to enter a hexadecimal number. 
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3. Click on the OK button. 


The Edit Priority/Outbound Template window reappears 
(Figure 4-7). The new criterion and range appear in the Filter 
Information scroll box. 


Adding Template Actions 


To add, remove, or modify filter actions, begin at the Edit Priority/ 
Outbound Template window (Figure 4-7); then follow the steps below. 


1. 
2. 


Select Action, and either IP or Datalink. 


Select Add Action, then select the action you want to impose on 
packets that match any of this template’s ranges of filtering criteria 
(High Queue, Low Queue, Length, Drop, Accept, or Log). 


Note: You can select Log in combination with any of the other choices, 


3. 


or as the only selection. 


Unless you selected the Length action, skip to Step 5 to confirm the 
action you selected. 


If you select Length, the Prioritization Length window (Figure 4-9) 
appears. On this screen you can specify that when a packet 
matches this filter, the priority queue into which it is placed 
depends on the packet’s length. 
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fe] PRIORITIZATION LENGTH 


Configuration Mode: local 
SNMP Agent: LOCAL FILE 


Packet Length 
Less Than or Equal Queue 
Greater Than Queue 


Figure 4-9. Prioritization Length Window 


4. Qn the Prioritization Length window, edit the length parameters, 
using the following parameter descriptions as guidelines. Click on 
the OK button when you are done. 


Parameter: Packet Length 
Default: None 
Range: 0 to 4608, expressed in bytes 


Function: Defines a packet length measurement to which 
each packet is compared. An action is imposed on 
every packet, depending on whether it is less 
than, equal to, or greater than the value you set 
for this parameter. This action also depends on 
the values of the Less Than or Equal Queue and 
the Greater Than Queue parameters. 


Instructions: Either accept the current value, or enter a new 
value in bytes. 


MIB Object ID: =:1.3.6.1.4.1.18.3.5.1.4.4.1.7 
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Parameter: 
Default: 
Options: 


Function: 


Instructions: 
MIB Object ID: 
Parameter: 
Default: 


Options: 


Function: 


Instructions: 


MIB Object ID: 


Using the Configuration Manager 


Less Than or Equal Queue 
Normal 
High | Low | Normal 


Dictates which queue a packet is placed in if its 
packet length is less than or equal to the value of 
Packet Length. For example, if Packet Length is 
1024 bytes, any packet that is 1024 bytes or 
smaller is placed in the queue you choose for this 
parameter. 


Either accept the default, Normal, or select either 
Low or High. 


1.3.6.1.4.1.18.3.5.1.4.4.1.8 


Greater Than Queue 


Low 
High | Low | Normal 


Dictates into which queue a packet is placed if its 
packet length is greater than the value of Packet 
Length. For example, if Packet Length is 1024 
bytes, any packet that is 1025 bytes or larger is 
placed in the queue you choose for this parameter. 


Either accept the default, Low, or select either 
Normal or High. 


1.3.6.1.4.1.18.3.5.1.4.4.1.9 


5. Click on the OK button when you are done editing parameters. 


The Edit Priority/Outbound Template window shows the newly 
selected action in the Filter Information scroll box. 
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Modifying a Template Range 


If you need to change a range for any criterion, begin at the Edit 
Priority/Outbound Template window (Figure 4-7); then complete the 
following steps. 


Note: You must have at least one range specified for each criterion. 


Select the range you want to modify by clicking on the range line 
inside the Filters Information box. 


With the range selected, click on the Modify button. 


Use the Range Min: and Max: value boxes (located near the bottom 
of the window, as shown in Figure 4-7) to specify a new low and 
high range for the selected filter criterion. 


Note: When entering range values, you must use the prefix Ox to 


4. 


specify a hexadecimal number. 


Click on the OK button when you are satisfied with the values for 
all criteria ranges. 


Deleting Template Criteria, Ranges, and Actions 


If you want to remove a configured filter criterion, action, or range 
from a template, begin at the Edit Priority/Outbound Template 
window (Figure 4-7) and follow these steps: 


i” 


From the Filter Information scroll box, select the criterion, range, 
or action you want to delete. 


Click on the Delete button. 


A confirmation window (Delete Criteria, Delete Range, or Delete 
Action) appears. 


Click on the Delete button to confirm. 
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You are returned to the Edit Priority/Outbound Template window. The 


criterion, range, or action you just deleted no longer appears in the 
Filter Information scroll box. 


Repeat this procedure for each item you want to delete from a 
template. 


Creating a Filter 


To create a new filter, you apply a filter template to an interface as 
follows: 


1. Start at the Priority/Outbound Filters window (Figure 4-3). 
2. Click on the Create button. 


The Create Filter window appears, as shown in Figure 4-10. 


ol Create Filter al 
| 


Interfaces: 


dropbridge 


drop? 


Figure 4-10. Create Filter Window 
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If the correct interface is not already highlighted, select the 
interface. 


Select the template you want to use for the new filter. 
Type a name for the new filter in the Filter Name box. 
Click on OK. 


The Priority/Outbound Filters window (Figure 4-3) appears, with 
the new filter displayed in the scroll box. 


Editing Priority Filter Criteria, Ranges, and Actions 


Adding Criteria 
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You can edit priority filters on individual interfaces. When you do, only 
the filter on that specific interface is affected. 


The Edit Priority/Outbound Filters window (Figure 4-11) provides the 
following options for editing a filter, described in subsequent sections: 


Oo 


Oo 
O 
O 


Adding filtering criteria 
Changing criteria ranges 
Adding actions 


Deleting criteria, actions, or ranges 


To add a filtering criterion to a priority filter, begin at the 
Edit Priority/Outbound Filters window (Figure 4-11) and complete the 
following steps: 


1. 
2. 


Select Criteria>Add. 
Select either the Datalink or the IP option. 


Another menu appears, showing you the header-specific filtering 
criteria options. 


Select the criterion you want to add to this template. 


The Add Range window appears. 
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4. Specify the low and high ends of the range you want to filter in the 
Minimum value and Maximum value boxes. 


If the range you want to filter consists of just one value, specify that 
value in the Minimum value box. The system will use that value for 
both the minimum and the maximum. 0 is not a valid entry for 
minimum or maximum value. 


eo Edit Priority/Outbound Filters 


(Criteria Range Action 


esa 


Filter Information: 
Ootors: 
PRIORITY DATALINK - DROP 


Criteria: 
PRIORITY DATALINK - MAC SOURCE 


es! 
0x00000a200021-0200000a200023 
PRIORITY DATALINK - MAC DESTINATION 
es! 
0x 000080a20021-0x00000a2 00023 


we ear] [a] [see] [co] 


Figure 4-11. Edit Priority/Outbound Filters Window 


5. Click on the OK button. 
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Modifying Ranges 


The criterion and range you just specified appear in the Filter 
Information scroll box in the Edit Priority/Outbound Filters 
window. 


To change a criterion’s range, begin at the Edit Priority/Outbound 
Filters window (Figure 4-7) and complete the following steps: 


1: 


Adding Actions 
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Select the range you want to modify a range from the criteria list in 
the Filter Information scroll box. 


Specify the new low and high ends of the range you want to filter in 
the Minimum value and Maximum value boxes. 


If the range you want to filter consists of just one value, specify that 
value in the Minimum value box. The system will use that value for 
both the minimum and the maximum. 0 is not a valid entry for 
minimum or maximum value. 


Click on the OK button. 


The range you just specified appears in the Range List scroll box in 
the Edit Criteria window. For each range you want to modify, 
repeat these steps. 


When you are finished modifying ranges for this criterion, select 
File>Save (and exit). 


The ranges you specify appear in the Filter Information scroll box 
in the Edit Priority/Outbound Filters window. 


To add an action to a filter, begin at the Edit Priority/Outbound Filters 
window (Figure 4-11) and complete the following steps: 


1. 


From the Action menu, select either the Datalink or the IP option; 
then select the Add Action option. 


Select the action you want to impose on packets that match any of 
the template’s filtering criteria. 
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3. Unless you selected the Length action, skip to Step 5 to confirm the 
action you selected. 


If you select the Length action, the Prioritization Length window 
(Figure 4-9) appears. On this screen you can specify that when a 
packet matches this filter, the priority queue into which it is placed 
depends on the packet’s length. 


4. Edit the length parameters on the screen using the parameter 
descriptions given earlier in this chapter. 


5. Click on the OK button. 


The Edit Priority/Outbound Filters window (Figure 4-11) appears. 
The action you have just added appears in the Filter Information 
scroll box. 


Deleting Criteria, Ranges, and Actions 


If you no longer want to include a criterion, an action, or a configured 
range in a template, begin at the Edit Priority/Outbound Filters 
window (Figure 4-11) and complete the following steps: 


Note: There must be at least one criterion, range, and action fora 
template to be complete. 


1. Select the criterion, range, or action you want to remove in the 
Filter Information scroll box. 


A Delete confirmation (Delete Criteria, Delete Range, or Delete 
Action window) appears. 


2. Click on the Delete button. 


The Edit Filter window appears. The criterion, range, or action you 
just deleted no longer appears in the scroll box. 


Repeat this procedure for each item you want to delete from a 
template. 
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Applying Filter Precedence 
Create filters on the interface in order of precedence. 


If possible, use a strategy that accomplishes your filtering goals mainly 
with drop filters, since these result in faster router performance than 
accept filters do. 


Figure 4-12 shows a sample listing of filters on an interface. 


[eo] Priority/Outbound Filters 


DLH1 drop, sample 


IP#1 Dropbridge | 


[P#2 IP, sample? 


Filter Enable ENABLED 14 
Filter Name IP, samplez 2 : 


Figure 4-12. Sample List of Priority Filters 


The first IP filter (called Dropbridge) has the highest precedence and a 
rule number of 1. Subsequent IP filters created on the interface have 
decreasing precedence. If the first IP filter on the interface (rule #1) 
drops a packet and the second filter (rule #2) accepts the same packet, 
rule #1 has precedence and the packet will be dropped. 
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If you need to change the order of precedence, complete the following 
steps: 


1. In the Priority/Outbound Filters window (Figure 4-3), select the 
filter for which you wish to change the precedence. 


2. Click on Reorder. 


The Change Precedence window appears, as shown in Figure 4-13. 


io Change Precedence] 


© INSERT BEFORE 
@ INSERT AFTER 


Precedence 
Number : 


Cancel 


Figure 4-13. Change Precedence Window 


3. Click on the button next to either INSERT BEFORE or INSERT 
AFTER. 


4. Type a number in the Precedence Number box to indicate which 
filter you should insert the selected filter before or after. For the 
example shown, you place the selected filter (#1) after filter 
number 2 by typing a 1in the Precedence Number box. 


5. Click on the OK button. 
You are returned to the Priority/Outbound Filters window. The filters 
are now shown in their new order of precedence, as shown in 


Figure 4-14. Compare the order of filters in Figure 4-12 with the order 
in Figure 4-14. 
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(@ Priority/Outbound Filters 


DL#1 drop, sample 
IP#1 IP, sample? 
IP#2 Dropbridge 


Filter Enable ENABLED I; 
Filter Name IP, samp lez : 


Figure 4-14. Example of Priority Filter Order Change 


Enabling or Disabling a Priority Filter 


You can disable and re-enable priority filters on individual interfaces. 
When you do, only the filter on that specific interface is affected. To 
disable or re-enable a filter, complete the following steps. 


1. From the Priority/Outbound Filters window (Figure 4-3) select the 
circuit/filter pair from the scroll box for which you want to disable 
or re-enable the filter. 


The current filter status appears in the Filter Enable and Filter 
Name boxes at the bottom of the window. 


2. Click on the Values button. 


The Values window appears, as shown in Figure 4-15. 
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io Values Selection 


Filter Enable 


@ ENABLED 
& DISABLED 


Figure 4-15. Filter Enable/Disable Values Selection 


3. Select ENABLED or DISABLED. 

4. Click on the OK button. 

5. Repeat the steps for each filter you want to disable or re-enable. 
6 


Click on the Done button when you are finished. 


Deleting a Priority Filter 
To delete a priority or outbound filter from an interface, complete the 
following steps: 


1. From the Priority/Outbound Filters window (Figure 4-3) select the 
interface/priority filter pair you want to delete. 


2. Click on the Delete button. 


3. The system deletes the filter from the interface, and the filter no 
longer appears in the priority filters scroll box in the 
Priority/Outbound Filters window. 
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Any circuit to which you have added protocol prioritization uses 
default values that dictate how priority filters work on the interface. 
You can edit these parameters according to your network traffic needs. 
To do so, complete the following steps: 


1. From the Circuit Definition window of the Configuration Manager, 
select Protocols Edit Protocol Priority Interfaces. 


The Edit Protocol Priority Interface window (Figure 4-16) appears. 


This window shows all interfaces to which protocol prioritization 
has been added, regardless of whether or not there are any priority 
filters currently active on the interfaces. 


je Edit Protocol Priority Interface: 551 EA) 


Cancel 


= 
an 


Configuration Mode: local 
SNMP Agent: LOCAL FILE | Values... 
Help... 


Enable ABLE 
High Queue Size 


Normal Queue Size 


Low Queue Size 
Max High Queue Latency vast 
High Water Packets Clear 


Prioritization Algorithm Type BANDWIDTH ALLOCATION | 
High Queue Percent Bandwidth 


[DS 2 Doo 72 BS 
> |: > PF oo 


Normal Queue Percent Bandwidth 20) 


Low Queue Percent Bandwidth 


Figure 4-16. Edit Protocol Priority Interface Window 
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2. Edit those parameters you want to change, using the descriptions 
following this procedure as guidelines. 


3. Click on the OK button when you are finished editing interface- 
specific parameters. 


Priority Interface Parameter Descriptions 


Use the following descriptions as guidelines when you configure 
parameters on the Edit Protocol Priority Interface window. 


Parameter: 
Default: 
Options: 


Function: 


Instructions: 


MIB Object ID: 


Parameter: 
Default: 
Range: 


Function: 


Enable 
Enable 
Enable | Disable 


Toggles protocol prioritization on and off on this 
interface. If you set this parameter to Disable, all 
priority and outbound filters will be disabled on 
this interface. Setting this parameter to Disable is 
useful if you want to temporarily disable all 
priority filters, rather than delete them. 


Set to Disable if you want to temporarily disable 
all protocol prioritization activity on this 
interface. Set to Enable if you previously disabled 
protocol prioritization on this interface and now 
want to re-enable it. 


1.3.6.1.4.1.18.3.5.1.4.1.1.2 


High Queue Size 
20 packets 
Any integer value 


Dictates the size limit, in packets, of the high- 
priority queue. For example, if the value of this 
parameter is 15, there can be no more than 15 
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Instructions: 


MIB Object ID: 


Parameter: 
Default: 
Range: 


Function: 


packets in the high-priority queue at any one 
time. For more information about how queue 
depths are used for tuning protocol prioritization 
in your network, see the section “Tuning Protocol 
Prioritization for Your Network” in Chapter 3. 


Either accept the default of 20 packets, or enter a 
new value. 


1.3.6.1.4.1.18.3.5.1.4.1.1.4 


Normal Queue Size 
20 packets (200 packets for Frame Relay) 
Any integer value 


Dictates the size limit, in packets, of the normal- 
priority queue. For example, if the value of this 
parameter is 15, there can be no more than 15 
packets in the normal-priority queue at any one 
time. For more information about how queue 
depths are used for tuning protocol prioritization 
in your network, see the section “Tuning Protocol 
Prioritization for Your Network” in Chapter 3. 


Note: For Frame Relay interfaces, a value of less than 200 might 
cause a broadcast message to be clipped. 


Instructions: 
MIB Object ID: 


Parameter: 
Default: 
Range: 


Hither accept the default or enter a new value. 
1.3.6.1.4.1.18.3.5.1.4.1.1.5 


Low Queue Size 
20 packets 


Any integer value 


Function: 


Instructions: 


MIB Object ID: 


Parameter: 


Default: 
Range: 


Function: 


Instructions: 


MIB Object ID: 
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Dictates the size limit, in packets, of the low- 
priority queue. For example, if the value of this 
parameter is 15, there can be no more than 15 
packets in the low-priority queue at any one time. 
For more information about how queue depths are 
used for tuning protocol prioritization in your 
network, see the section “Tuning Protocol 
Prioritization for Your Network” in Chapter 3. 


Either accept the default of 20 packets or enter a 
new value. 


1.3.6.1.4.1.18.3.5.1.4.1.1.6 


Max High Queue Latency 
250 ms 
100 to 5000 ms 


Indicates the greatest possible delay for your 
high-priority traffic. This parameter dictates how 
many normal- or low-priority bytes can be on the 
transmit queue at any one time, and therefore the 
ereatest delay that a high-priority packet can 
experience. 


Latency is based on the line speed of the attached - 
media. For a given line speed, the number of bits 
that can be queued to the transmit queue at any 
one time is determined by the configured latency 
value. For more information about how latency is 
used for tuning protocol prioritization in your 
network, see the section “Latency” in Chapter 3. 


Either accept the default latency of 250 ms, or 
enter a new latency value. We recommend 
accepting the default latency value of 250 ms. 


1.3.6.1.4.1.18.3.5.1.4.1.1.8 
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Parameter: 
Default: 
Range: 


Function: 


Instructions: 


MIB Object ID: 


Parameter: 
Default: 
Options: 


Function: 


High Water Packets Clear 
None 
Any integer value 


If you change the value of High Queue Size, 
Normal Queue Size, or Low Queue Size, you can 
reset the high water marks for each queue to zero 
by changing the value of this parameter. If the 
value of this parameter is different from the last 
time you checked the high water statistics on Site 
Manager’s Protocol Prioritization Statistics 
window, then the system resets the high water 
marks for each queue to zero and begins keeping 
statistics on the maximum number of packets 
queued in each queue and the number of packets 
discarded because the new queue depth was 
exceeded. 


For more information about how queue depths are 
used for tuning protocol prioritization in your 
network, refer to “Tuning Protocol Prioritization 


_ for Your Network” in Chapter 3. 


Enter a new integer value for this parameter if 
you wish to clear the high water marks when you 
change a queue size. 


1.3.6.1.4.1.18.3.5.1.4.1.1.19 


Prioritization Algorithm Type 
BANDWIDTH ALLOC 
BANDWIDTH ALLOC | STRICT 


Selects the dequeuing algorithm used by protocol 
prioritization to drain priority queues and 
transmit traffic. With strict prioritization, the 
router always transmits traffic in the high- 
priority queue before traffic in the other queues. 


Instructions: 


MIB Object ID: 


Parameter: 
Default: 
Range: 


Function: 


Instructions: 


MIB Object ID: 
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With bandwidth allocation, the router transmits 
traffic in a queue until the utilization percentage 
you configure for that queue is reached,.and then 
the router transmits traffic in the next-lower- 
priority queue. 


Either accept the default of BANDWIDTH 
ALLOC or select STRICT. 


1.3.6.1.4.1.18.3.5.1.4.1.1.24 


High Queue Percent Bandwidth 
70 percent 
0 to 100 percent 


If you select the bandwidth allocation dequeuing 
algorithm, this parameter specifies the 
percentage of the synchronous line’s bandwidth 
allocated to traffic that has been sent to the high- 
priority queue. When you set this parameter to 
something other than 100, each time the 
percentage of bandwidth used by high-priority 
traffic reaches this limit, the router transmits 
traffic in the normal- and low-priority queues (if 
any traffic is queued) up to the configured 
percentages for those priorities. 


Specify the percentage of the line’s bandwidth 
that should be allocated for high-priority traffic. 
The High Queue Percent Bandwidth, Normal 
Queue Percent Bandwidth, and Low Queue 
Percent Bandwidth values must total 100. 


1.3.6.1.4.1.18.3.5.1.4.1.1.25 
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Parameter: 
Default: 
Range: 


Function: 


Instructions: 


MIB Object ID: 


Parameter: 
Default: 
Range: 


Function: 


Instructions: 


MIB Object ID: 


Normal Queue Percent Bandwidth 
20 
0 to 100 percent 


If you select the bandwidth allocation dequeuing 
algorithm, this parameter specifies the minimum 
percentage of the synchronous line’s bandwidth 
that normal-priority traffic can use. 


Specify the minimum percentage of the line’s 
bandwidth that should be allocated to normal 
traffic. The High Queue Percent Bandwidth, 
Normal Queue Percent Bandwidth, and Low 
Queue Percent Bandwidth values must total 100. 


1.3.6.1.4.1.18.3.5.1.4.1.1.26 


Low Queue Percent Bandwidth 
10 percent 
0 to 100 percent 


If you select the bandwidth allocation dequeuing 
algorithm, this parameter specifies the minimum 
percentage of the synchronous line’s bandwidth 
that low-priority traffic can use. 


Specify the minimum percentage of the line’s 
bandwidth that should be allocated to low-priority 
traffic. The High Queue Percent Bandwidth, 
Normal Queue Percent Bandwidth, and Low 
Queue Percent Bandwidth values must total 100. 


1.3.6.1.4.1.18.3.5.1.4.1.1.27 
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